Lucene search

K

GitHub Advisory DatabaseGHSA-G4MX-RM5Q-VH24

HistoryMay 17, 2022 - 5:11 a.m.

MoinMoin Improper Access Control

2022-05-1705:11:14

CWE-284

GitHub Advisory Database

github.com

3

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as “All,” “Known,” or “Trusted,” which allows remote authenticated users with virtual group membership to be treated as a member of the group.

CPENameOperatorVersion
moinlt1.9.5

References

hg.moinmo.in/moin/1.9/rev/7b9f39289e16

moinmo.in/SecurityFixes

www.debian.org/security/2012/dsa-2538

www.openwall.com/lists/oss-security/2012/09/04/4

www.openwall.com/lists/oss-security/2012/09/05/2

www.ubuntu.com/usn/USN-1604-1

github.com/advisories/GHSA-g4mx-rm5q-vh24

github.com/moinwiki/moin/commit/b7791166cb3613d07c6e8eea966b4f763b2de660

nvd.nist.gov/vuln/detail/CVE-2012-4404

web.archive.org/web/20151016233452/secunia.com/advisories/50885

web.archive.org/web/20151017041746/secunia.com/advisories/50474

web.archive.org/web/20151017041755/secunia.com/advisories/50496

6.3 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

Related for GHSA-G4MX-RM5Q-VH24

nessus6 securityvulns2 osv1 openvas16 fedora5 debiancve1 freebsd1 cve1 ubuntucve1 debian1 cvelist1 prion1 ubuntu1