Lucene search

PRIOn knowledge basePRION:CVE-2012-4404

HistorySep 10, 2012 - 10:55 p.m.

Design/Logic Flaw

2012-09-1022:55:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.3%

JSON

security/init.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as “All,” “Known,” or “Trusted,” which allows remote authenticated users with virtual group membership to be treated as a member of the group.

CPENameOperatorVersion
moinmoineq1.9.3
moinmoineq1.9.0
moinmoineq1.9.4
moinmoineq1.9.2
moinmoineq1.9.1

Name	Operator	Version
moinmoin	eq	1.9.3
moinmoin	eq	1.9.0
moinmoin	eq	1.9.4
moinmoin	eq	1.9.2
moinmoin	eq	1.9.1

References

hg.moinmo.in/moin/1.9/rev/7b9f39289e16

moinmo.in/SecurityFixes

secunia.com/advisories/50474

secunia.com/advisories/50496

secunia.com/advisories/50885

www.debian.org/security/2012/dsa-2538

www.openwall.com/lists/oss-security/2012/09/04/4

www.openwall.com/lists/oss-security/2012/09/05/2

www.ubuntu.com/usn/USN-1604-1

6.5 Medium

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for PRION:CVE-2012-4404