3 matches found
CVE-2022-31259
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places e.g., p1.xml instead of p1...
Security Bulletin: IBM Storage Fusion HCI is vulnerable to directory traversal due to Beego.
Summary Beego is used by IBM Storage Fusion HCI as part of the user interface. See Vulnerability Details below. CVE-2022-31836, CVE-2022-31259. Vulnerability Details CVEID:CVE-2022-31836 DESCRIPTION: Beego could allow a remote attacker to traverse directories on the system, caused by a flaw in th...
CVE-2022-31259
CVE-2022-31259 affects the Beego HTTP router. A flaw in route matching allows bypassing access control by appending .xml in a /p1/p2/:name route, enabling access to otherwise restricted paths. Affected: Beego before 1.12.9 and Beego 2.x before 2.0.3. Impact ranges from basic to elevated access de...