GitHub Advisory DatabaseGHSA-876C-QMCF-CXV6MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
71.7%
MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.
Affected configurations
References
hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES
hg.moinmo.in/moin/1.9/rev/04afdde50094
hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
marc.info/?l=oss-security&m=126625972814888&w=2
marc.info/?l=oss-security&m=126676896601156&w=2
moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
moinmo.in/SecurityFixes
secunia.com/advisories/38242
www.openwall.com/lists/oss-security/2010/01/21/6
www.openwall.com/lists/oss-security/2010/02/15/2
github.com/advisories/GHSA-876c-qmcf-cxv6
nvd.nist.gov/vuln/detail/CVE-2010-0667
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
71.7%