Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nNG14LXJtNXEtdmgyNM4AAfOZ
MoinMoin Improper Access Control
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nNG14LXJtNXEtdmgyNM4AAfOZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 18 days ago
Identifiers: GHSA-g4mx-rm5q-vh24, CVE-2012-4404
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-4404
- http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
- http://moinmo.in/SecurityFixes
- http://www.debian.org/security/2012/dsa-2538
- http://www.openwall.com/lists/oss-security/2012/09/04/4
- http://www.openwall.com/lists/oss-security/2012/09/05/2
- http://www.ubuntu.com/usn/USN-1604-1
- https://github.com/moinwiki/moin/commit/b7791166cb3613d07c6e8eea966b4f763b2de660
- https://web.archive.org/web/20151016233452/http://secunia.com/advisories/50885
- https://web.archive.org/web/20151017041746/http://secunia.com/advisories/50474
- https://web.archive.org/web/20151017041755/http://secunia.com/advisories/50496
- https://github.com/advisories/GHSA-g4mx-rm5q-vh24
Blast Radius: 0.0
Affected Packages
pypi:moin
Dependent packages: 0Dependent repositories: 46
Downloads: 208 last month
Affected Version Ranges: >= 1.9, < 1.9.5
Fixed in: 1.9.5
All affected versions: 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4
All unaffected versions: 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11