Description

The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.

Remediation

References

CVE-2019-16354

Related Vulnerabilities

WordPress Plugin YITH WooCommerce Product Bundles Security Bypass (1.1.15)

WordPress Plugin Pinterest 'Pin It' Button Multiple Unspecified Vulnerabilities (1.3.1)

WordPress Plugin Sidebar Adder 2 Cross-Site Scripting (2.0.0)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3056)

Apache Tomcat Other Vulnerability (CVE-2011-1419)

Severity

Medium

Classification

CVE-2019-16354 CWE-732 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities