Lucene search

GoogleOSV:PYSEC-2012-10

HistorySep 10, 2012 - 10:55 p.m.

PYSEC-2012-10

2012-09-1022:55:00

Google

osv.dev

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

security/init.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as “All,” “Known,” or “Trusted,” which allows remote authenticated users with virtual group membership to be treated as a member of the group.

CPENameOperatorVersion
moineq1.9.2
moineq1.9.4
moineq1.9.0
moineq1.9.1
moineq1.9.3

Name	Operator	Version
moin	eq	1.9.2
moin	eq	1.9.4
moin	eq	1.9.0
moin	eq	1.9.1
moin	eq	1.9.3

References

hg.moinmo.in/moin/1.9/rev/7b9f39289e16

moinmo.in/SecurityFixes

secunia.com/advisories/50474

secunia.com/advisories/50496

secunia.com/advisories/50885

www.debian.org/security/2012/dsa-2538

www.openwall.com/lists/oss-security/2012/09/04/4

www.openwall.com/lists/oss-security/2012/09/05/2

www.ubuntu.com/usn/USN-1604-1

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

Related for OSV:PYSEC-2012-10