The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route…
mitre·CWE-284·Published 2022-05-21
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
Routes in the beego HTTP router can match unintended patterns. This overly-broad matching may permit an attacker to bypass access controls. For example, the pattern "/a/b/:name" can match the URL "/a.xml/b/". This may bypass access control applied to the prefix "/a/".
The route lookup process in beego prior to 1.12.9 and 2.x prior to 2.0.3 allows attackers to bypass access control. When a /`p1`/`p2`/`:name` route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
El proceso de búsqueda de rutas en beego versiones hasta 1.12.4 y versiones2.x hasta 2.0.2, permite a atacantes omitir el control de acceso. Cuando es configurada una ruta /p1/p2/:name, los atacantes pueden acceder a ella al añadir .xml en varios lugares (por ejemplo, p1.xml en lugar de p1)
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| 3.1 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| 3.1 | Secondary | GHSA | 9.8 | — | — | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |