Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qajIzLWZqMnYtbTg3Ms3QuA
MoinMoin Improper Access Control vulnerability
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
Permalink: https://github.com/advisories/GHSA-jj23-fj2v-m872JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qajIzLWZqMnYtbTg3Ms3QuA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: 19 days ago
Identifiers: GHSA-jj23-fj2v-m872, CVE-2009-4762
References:
- https://nvd.nist.gov/vuln/detail/CVE-2009-4762
- http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
- http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
- http://moinmo.in/SecurityFixes
- http://ubuntu.com/usn/usn-941-1
- http://www.debian.org/security/2010/dsa-2014
- https://web.archive.org/web/20140805132556/http://secunia.com/advisories/39887
- https://web.archive.org/web/20200228153929/http://www.securityfocus.com/bid/35277
- https://github.com/advisories/GHSA-jj23-fj2v-m872
Affected Packages
pypi:moin
Dependent packages: 0Dependent repositories: 46
Downloads: 208 last month
Affected Version Ranges: >= 1.8.0, < 1.8.3, >= 1.7.0, < 1.7.3
Fixed in: 1.8.3, 1.7.3
All affected versions:
All unaffected versions: 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11