CVE-2019-16355

Name of the Vulnerable Software and Affected Versions Beego versions 1.10.0 through 1.12.1

Description The issue concerns weak permissions for session files, allowing local users to read session data. This is due to the File Session Manager in Beego storing session data with permissive permissions, enabling local users with filesystem access to read arbitrary data. A race condition involving file creation within a directory with weak permissions also contributes to this issue.

Recommendations For Beego versions 1.10.0 through 1.12.1, update to version 1.12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to session files to minimize the risk of exploitation.