GSA_kwCzR0hTQS1teGg4LXhncTktdzc4Ms2Y6Q

Moderate EPSS: 0.00381% (0.58624 Percentile) EPSS:

Permalink JSON

MoinMoin Insertion of Sensitive Information into Log File

Affected Packages	Affected Versions	Fixed Versions
pypi:moin	= 1.5.7	1.5.8
0 Dependent packages 46 Dependent repositories 260 Downloads last month Affected Version Ranges All affected versions All unaffected versions 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6, 1.9.7, 1.9.8, 1.9.9, 1.9.10, 1.9.11

An information leak was discovered in MoinMoin's debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "show_traceback=0" to their site configurations to disable debug tracebacks.

References:

https://nvd.nist.gov/vuln/detail/CVE-2007-0902
http://osvdb.org/33173
http://secunia.com/advisories/24138
http://secunia.com/advisories/24244
http://www.securityfocus.com/bid/22515
http://www.ubuntu.com/usn/usn-423-1
https://moinmo.in/MoinMoinRelease1.5/CHANGES
https://github.com/advisories/GHSA-mxh8-xgq9-w782

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS1teGg4LXhncTktdzc4Ms2Y6Q

MoinMoin Insertion of Sensitive Information into Log File

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API