GitHub Advisory DatabaseGHSA-574F-MH6M-C6QMMoinMoin has multiple vulnerabilities related to superuser list, xmlrpc and OpenID configuration
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.0%
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html
lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html
marc.info/?l=oss-security&m=126625972814888&w=2
marc.info/?l=oss-security&m=126676896601156&w=2
moinmo.in/MoinMoinRelease1.8
moinmo.in/SecurityFixes
www.debian.org/security/2010/dsa-2014
www.openwall.com/lists/oss-security/2010/02/15/2
bugzilla.redhat.com/show_bug.cgi?id=565604
exchange.xforce.ibmcloud.com/vulnerabilities/56002
github.com/advisories/GHSA-574f-mh6m-c6qm
nvd.nist.gov/vuln/detail/CVE-2010-0668
web.archive.org/web/20111225112846/secunia.com/advisories/38903
web.archive.org/web/20140725192956/secunia.com/advisories/38709
web.archive.org/web/20140806190238/secunia.com/advisories/38444
web.archive.org/web/20200228174758/www.securityfocus.com/bid/38023
Related
6.6 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
85.0%