QID 981826

QID 981826: Go (go) Security Update for github.com/astaxie/beego/session (GHSA-f6px-w8rh-7r89)

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

  • CVSS V3 rated as Medium - 4.7 severity.
  • CVSS V2 rated as Low - 1.9 severity.
  • Solution
    Customers are advised to refer to GHSA-f6px-w8rh-7r89 for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 981826

    Software Advisories
    Advisory ID Software Component Link
    GHSA-f6px-w8rh-7r89 github.com/astaxie/beego/session URL Logo github.com/advisories/GHSA-f6px-w8rh-7r89
    GHSA-f6px-w8rh-7r89 github.com/beego/beego URL Logo github.com/advisories/GHSA-f6px-w8rh-7r89