CVE-2022-31259

ADVISORY - github

Summary

The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).

EPSS Score⁠: 0.00201 (0.585)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

ADVISORY - github

CWE-284⁠

Improper Access Control

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY IDCVE-2022-31259⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

9.8critical

GitHub

CREATED

2 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-qx32-f6g6-fcfr⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

9.8critical

GoLang

CREATED

2 years ago

UPDATED

5 months ago

ADVISORY IDGO-2022-0463⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

GitLab

CREATED

2 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2022-31259

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-937⁠

CVSS SCORE

9.8critical

intheWild

CREATED

1 year ago

UPDATED

1 year ago

ADVISORY IDCVE-2022-31259⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY