GitHub Advisory Database: GHSA-RQXP-6926-HPHR
History: May 01, 2022 - 11:45 p.m.

MoinMoin vulnerable to privilege escalation

2022-05-01 23:45:03
CWE-284
moinmoin
userform.py
privilege escalation
vulnerability
remote attackers
software

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 7.5
Confidence: Low

EPSS: 0.019
Percentile: 88.4%

The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.

Affected configurations

Vulners
Node: moin, Range: <1.6.3
Vendor: *, Product: moin, Version: *, CPE: cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*
