5.5

CVE-2019-16355

Exploit
The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BeegoBeego Version1.10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.1
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://github.com/astaxie/beego/issues/3763
Exploit
Technical Description