Lucene search

K

Gentoo FoundationGLSA-201309-14

HistorySep 24, 2013 - 12:00 a.m.

MoinMoin: Multiple vulnerabilities

2013-09-2400:00:00

Gentoo Foundation

security.gentoo.org

35

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.955 High

EPSS

Percentile

99.4%

Background

MoinMoin is a Python WikiEngine.

Description

Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker may be able to execute arbitrary code with the privileges of the process, overwrite arbitrary files, or conduct Cross-Site Scripting (XSS) attacks.

Workaround

There is no known workaround at this time.

Resolution

All MoinMoin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=www-apps/moinmoin-1.9.6"

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-apps/moinmoin< 1.9.6UNKNOWN

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.955 High

EPSS

Percentile

99.4%

Related for GLSA-201309-14

nessus9 openvas10 fedora3 thn2 freebsd1 cve4 nvd4 debiancve4 osv4 prion4 cvelist4 ubuntucve4 github4 dsquare1 seebug1 packetstorm1 zdt1 canvas1 veracode1 checkpoint_advisories1