Description
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
References (1)
Core References
Third Party Advisory x_refsource_misc
https://github.com/astaxie/beego/issues/3763
Scores
CVSS v3
4.7
EPSS
0.0003
EPSS Percentile
8.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-362
CWE-732
Status
published
Products (3)
astaxie/beego
0 - 1.12.2 (Go)
beego/beego
1.10.0
beego/beego
0 - 1.12.2 (Go)
Published
Sep 16, 2019
Tracked Since
Feb 18, 2026