MoinMoin vulnerabilities

2009-01-3000:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

5.9

Confidence

High

EPSS

0.063

Percentile

93.7%

JSON

Releases

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10
Ubuntu 6.06

Packages

moin -

Details

Fernando Quintero discovered than MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)

Fernando Quintero discovered that MoinMoin did not properly sanitize its input
when attaching files, resulting in cross-site scripting vulnerabilities. This
issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781)

It was discovered that MoinMoin did not properly sanitize its input when
processing user forms. A remote attacker could submit crafted cookie values and
overwrite arbitrary files via directory traversal. This issue affected Ubuntu
6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0782)

It was discovered that MoinMoin did not properly sanitize its input when
editing pages, resulting in cross-site scripting vulnerabilities. This issue
only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1098)

It was discovered that MoinMoin did not properly enforce access controls,
which could allow a remoter attacker to view private pages. This issue only
affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1099)

It was discovered that MoinMoin did not properly sanitize its input when
attaching files and using the rename parameter, resulting in cross-site
scripting vulnerabilities. (CVE-2009-0260)

It was discovered that MoinMoin did not properly sanitize its input when
displaying error messages after processing spam, resulting in cross-site
scripting vulnerabilities. (CVE-2009-0312)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchpython-moinmoin< 1.7.1-1ubuntu1.1UNKNOWN
Ubuntu8.04noarchpython-moinmoin< 1.5.8-5.1ubuntu2.2UNKNOWN
Ubuntu8.04noarchmoinmoin-common< 1.5.8-5.1ubuntu2.2UNKNOWN
Ubuntu7.10noarchpython-moinmoin< 1.5.7-3ubuntu2.1UNKNOWN
Ubuntu7.10noarchmoinmoin-common< 1.5.7-3ubuntu2.1UNKNOWN
Ubuntu6.06noarchpython2.4-moinmoin< 1.5.2-1ubuntu2.4UNKNOWN
Ubuntu6.06noarchmoinmoin-common< 1.5.2-1ubuntu2.4UNKNOWN
Ubuntu6.06noarchpython-moinmoin< 1.5.2-1ubuntu2.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.10	noarch	python-moinmoin	< 1.7.1-1ubuntu1.1	UNKNOWN
Ubuntu	8.04	noarch	python-moinmoin	< 1.5.8-5.1ubuntu2.2	UNKNOWN
Ubuntu	8.04	noarch	moinmoin-common	< 1.5.8-5.1ubuntu2.2	UNKNOWN
Ubuntu	7.10	noarch	python-moinmoin	< 1.5.7-3ubuntu2.1	UNKNOWN
Ubuntu	7.10	noarch	moinmoin-common	< 1.5.7-3ubuntu2.1	UNKNOWN
Ubuntu	6.06	noarch	python2.4-moinmoin	< 1.5.2-1ubuntu2.4	UNKNOWN
Ubuntu	6.06	noarch	moinmoin-common	< 1.5.2-1ubuntu2.4	UNKNOWN
Ubuntu	6.06	noarch	python-moinmoin	< 1.5.2-1ubuntu2.4	UNKNOWN