Lucene search

K
ubuntuUbuntuUSN-458-1
HistoryMay 08, 2007 - 12:00 a.m.

MoinMoin vulnerabilities

2007-05-0800:00:00
ubuntu.com
40

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%

Releases

  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06

Details

A flaw was discovered in MoinMoin’s error reporting when using the
AttachFile action. By tricking a user into viewing a crafted MoinMoin
URL, an attacker could execute arbitrary JavaScript as the current
MoinMoin user, possibly exposing the user’s authentication information
for the domain where MoinMoin was hosted. (CVE-2007-2423)

Flaws were discovered in MoinMoin’s ACL handling for calendars and
includes. Unauthorized users would be able to read pages that would
otherwise be unavailable to them.

OSVersionArchitecturePackageVersionFilename
Ubuntu7.04noarchpython-moinmoin< 1.5.3-1.1ubuntu3.1UNKNOWN
Ubuntu6.10noarchpython2.4-moinmoin< 1.5.3-1ubuntu1.3UNKNOWN
Ubuntu6.06noarchpython2.4-moinmoin< 1.5.2-1ubuntu2.3UNKNOWN

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.6%