CVE-2024-40465

Published: Jul 31, 2024Modified: Aug 15, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file

Affected (1)

Products: Beego: Beego

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Beego Beego	Before 2.2.1

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

Use of Weak Hash

The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).

References (1)

https://gist.github.com/nyxfqq/a5a2fc5147a1b34538e1ac05a3e56910

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.