OSV:DSA-1514-1

moin

Published: 2008-03-09 00:00:00
Source: Google (osv.dev)

CVSS2: 5.8 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.083 Low (Percentile: 94.4%)

Several remote vulnerabilities have been discovered in MoinMoin, a
Python clone of WikiWiki. The Common Vulnerabilities and Exposures
project identifies the following problems:

  • CVE-2007-2423
    A cross-site-scripting vulnerability has been discovered in
    attachment handling.
  • CVE-2007-2637
    Access control lists for calendars and includes were
    insufficiently enforced, which could lead to information
    disclosure.
  • CVE-2008-0780
    A cross-site-scripting vulnerability has been discovered in
    the login code.
  • CVE-2008-0781
    A cross-site-scripting vulnerability has been discovered in
    attachment handling.
  • CVE-2008-0782
    A directory traversal vulnerability in cookie handling could
    lead to local denial of service by overwriting files.
  • CVE-2008-1098
    Cross-site-scripting vulnerabilities have been discovered in
    the GUI editor formatter and the code to delete pages.
  • CVE-2008-1099
    The macro code validates access control lists insufficiently,
    which could lead to information disclosure.

For the stable distribution (etch), these problems have been fixed in
version 1.5.3-1.2etch1. This update also includes a bugfix with respect to the
encoding of password reminder mails, which doesn’t have security
implications.

The old stable distribution (sarge) will not be updated because of
the many changes and because support for sarge ends at the end of
this month anyway. You are advised to upgrade to the stable
distribution if you run moinmoin.

We recommend that you upgrade your moin package.

CPE   Name   Operator   Version
      moin   eq         1.5.3-1.2
