Lucene search

K
githubGitHub Advisory DatabaseGHSA-6766-R2RX-MFW9
HistoryMay 01, 2022 - 11:33 p.m.

MoinMoin Directory traversal vulnerability

2022-05-0123:33:03
CWE-22
GitHub Advisory Database
github.com
1

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8 High

AI Score

Confidence

Low

0.083 Low

EPSS

Percentile

94.4%

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. The issue has been fixed on e69a16b6e630.

Affected configurations

Vulners
Node
moinRange1.5.8
CPENameOperatorVersion
moinle1.5.8

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

8 High

AI Score

Confidence

Low

0.083 Low

EPSS

Percentile

94.4%