MoinMoin Full-Text Search ACL Security Bypass

2005-01-24T10:11:26
ID OSVDB:13184
Type osvdb
Reporter OSVDB
Modified 2005-01-24T10:11:26

Description

Vulnerability Description

MoinMoin contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a user performs a full-text search: results are returned without regard to any ACLs set on the matching pages, giving the user access to pages that would otherwise be unavailable and resulting in a loss of confidentiality.
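
An added example, not MoinMoin's own code, of the pattern this entry describes: a full-text search that returns matches without the per-page read check, beside a version that applies it, plus a regression check that flags unreadable pages in a result set. The `Page` model, the user names and every function name are assumptions constructed for illustration.

```python
# Added illustration; not MoinMoin source. All names and data are constructed.
from dataclasses import dataclass, field


@dataclass
class Page:
    name: str
    body: str
    readers: set = field(default_factory=lambda: {"All"})  # who may read


# Constructed sample wiki: one public page, one restricted page.
PAGES = [
    Page("FrontPage", "Welcome to the wiki. Budget questions go to finance."),
    Page("FinanceNotes", "Draft budget for next year.", readers={"alice"}),
]


def may_read(user, page):
    """Per-page read check, the same one a normal page view must apply."""
    return "All" in page.readers or user in page.readers


def search_unfiltered(user, term):
    """Flawed pattern: matches come straight from the text scan, user ignored."""
    return [(p.name, p.body) for p in PAGES if term.lower() in p.body.lower()]


def search_filtered(user, term):
    """Corrected pattern: drop unreadable pages before anything is returned,
    so names, excerpts and hit counts never include them."""
    return [(p.name, p.body) for p in PAGES
            if may_read(user, p) and term.lower() in p.body.lower()]


def acl_leaks(user, results):
    """Regression check: names of result pages the user may not read."""
    by_name = {p.name: p for p in PAGES}
    return [name for name, _ in results if not may_read(user, by_name[name])]


if __name__ == "__main__":
    for fn in (search_unfiltered, search_filtered):
        hits = fn("bob", "budget")
        print(fn.__name__, [n for n, _ in hits], "leaks:", acl_leaks("bob", hits))
```

A check like `acl_leaks` belongs in the test suite of any search feature layered over access-controlled content, run once per user role.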

Solution Description

Upgrade to version 1.3.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://moinmoin.wikiwikiweb.de/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?release_id=299804
Vendor Specific Advisory URL
Secunia Advisory ID: 14001
ISS X-Force ID: 19075