Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jbWc3LXhyMmotNHI5ds2fcg
MoinMoin Improper ACL handling for calendars and includes
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-cmg7-xr2j-4r9vJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jbWc3LXhyMmotNHI5ds2fcg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 6 months ago
Identifiers: GHSA-cmg7-xr2j-4r9v, CVE-2007-2637
References:
- https://nvd.nist.gov/vuln/detail/CVE-2007-2637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34474
- http://osvdb.org/36269
- http://secunia.com/advisories/25208
- http://secunia.com/advisories/29262
- http://www.debian.org/security/2008/dsa-1514
- http://www.ubuntu.com/usn/usn-458-1
- https://moinmo.in/MoinMoinRelease1.5/CHANGES
- https://github.com/advisories/GHSA-cmg7-xr2j-4r9v
Affected Packages
pypi:moin
Dependent packages: 0Dependent repositories: 46
Downloads: 605 last month
Affected Version Ranges: < 1.5.8
Fixed in: 1.5.8
All affected versions:
All unaffected versions: 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11