CVE-2008-6548 — Missing Authorization in Moinmoin

CWE-862 — Missing Authorization CWE-285 — Improper Authorization6 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 54.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moinmo Moinmoin

Timeline

PublishedMar 30

Latest updateMay 17

Description

The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmoinmo/moinmoin1.6.1

🔴Vulnerability Details

GHSA

MoinMoin improper access control on the included page for the rst parser↗2022-05-17

▶

OSV

MoinMoin improper access control on the included page for the rst parser↗2022-05-17

▶

OSV

CVE-2008-6548: The rst parser (parser/text_rst↗2009-03-30

▶

📐Framework References

CWE

Improper Authorization↗

▶

CWE

Missing Authorization↗

▶