CVE-2012-4404

🗓️ 10 Sep 2012 00:00:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 21 Views

MoinMoin 1.9 through 1.9.4 allows virtual group names to be treated as a member of the grou

Reporter	Title	Published	Views	Family All 42
FreeBSD	moinmoin -- wrong processing of group membership	3 Sep 201200:00	–	freebsd
CVE	CVE-2012-4404	10 Sep 201222:00	–	cve
Cvelist	CVE-2012-4404	10 Sep 201222:00	–	cvelist
Debian	[SECURITY] [DSA 2538-1] moin security update	5 Sep 201218:42	–	debian
Debian CVE	CVE-2012-4404	10 Sep 201222:00	–	debiancve
Tenable Nessus	Debian DSA-2538-1 : moin - privilege escalation	6 Sep 201200:00	–	nessus
Tenable Nessus	Fedora 16 : moin-1.9.4-3.fc16 (2012-13400)	18 Sep 201200:00	–	nessus
Tenable Nessus	Fedora 17 : moin-1.9.4-3.fc17 (2012-13408)	18 Sep 201200:00	–	nessus
Tenable Nessus	Fedora 18 : moin-1.9.4-3.fc18 (2012-13528)	18 Sep 201200:00	–	nessus
Tenable Nessus	FreeBSD : moinmoin -- wrong processing of group membership (4f99e2ef-f725-11e1-8bd8-0022156e8794)	5 Sep 201200:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	10.04	any	moin	1.9.2-2ubuntu3.2	moin_1.9.2-2ubuntu3.2_any.deb
Ubuntu	11.04	any	moin	1.9.3-1ubuntu1.11.04.1	moin_1.9.3-1ubuntu1.11.04.1_any.deb
Ubuntu	11.10	any	moin	1.9.3-1ubuntu1.11.10.1	moin_1.9.3-1ubuntu1.11.10.1_any.deb
Ubuntu	12.04	any	moin	1.9.3-1ubuntu2.1	moin_1.9.3-1ubuntu2.1_any.deb

Source	Link
openwall	www.openwall.com/lists/oss-security/2012/09/04/4
security-tracker	www.security-tracker.debian.org/tracker/DSA-2538-1
ubuntu	www.ubuntu.com/security/notices/USN-1604-1
cve	www.cve.org/CVERecord

24 Jul 2024 15:57Current

5.9Medium risk

Vulners AI Score5.9

CVSS 26

EPSS0.0099

moinmoin 1.9 group names virtual group remote authenticated users unix