CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
88.1%
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in
certain inappropriate circumstances during processing of hierarchical ACLs,
which allows remote attackers to bypass intended access restrictions by
requesting an item, a different vulnerability than CVE-2008-6603.
Author | Note |
---|---|
mdeslaur | Hierarchical ACLs were introduced in 1.6.0, so dapper and hardy don’t appear to be vulnerable. |