Lucene search

K

GitHub Advisory DatabaseGHSA-6GX4-29V9-G9Q5

HistoryMay 17, 2022 - 5:17 a.m.

MoinMoin Multiple vulnerable to directory traversal

2022-05-1705:17:04

CWE-22

GitHub Advisory Database

github.com

3

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.955 High

EPSS

Percentile

99.4%

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.

Affected configurations

Vulners

Node

moinRange<1.9.6

CPENameOperatorVersion
moinlt1.9.6

References

hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f

moinmo.in/MoinMoinRelease1.9

moinmo.in/SecurityFixes

ubuntu.com/usn/usn-1680-1

www.debian.org/security/2012/dsa-2593

www.openwall.com/lists/oss-security/2012/12/29/6

www.openwall.com/lists/oss-security/2012/12/30/4

bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599

github.com/advisories/GHSA-6gx4-29v9-g9q5

nvd.nist.gov/vuln/detail/CVE-2012-6495

web.archive.org/web/20151017045319/secunia.com/advisories/51696

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

7.1 High

AI Score

Confidence

Low

0.955 High

EPSS

Percentile

99.4%

Related for GHSA-6GX4-29V9-G9Q5

cve2 nvd2 debiancve2 osv2 prion2 cvelist2 ubuntucve2 nessus9 openvas10 gentoo1 fedora3 thn2 dsquare1 seebug1 packetstorm1 zdt1 github1 canvas1 checkpoint_advisories1 freebsd1