10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.027 Low
EPSS
Percentile
90.5%
MoinMoin is a Python clone of WikiWiki, based on PikiPiki.
MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor.
Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as “revert” and “delete”. Sites are vulnerable whether or not they are using ACLs.
There is no known workaround.
All users should upgrade to the latest available version of MoinMoin, as follows:
# emerge sync
# emerge -pv ">=www-apps/moinmoin-1.2.3"
# emerge ">=www-apps/moinmoin-1.2.3"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | www-apps/moinmoin | <= 1.2.2 | UNKNOWN |