CVE-2008-6548
Published 2009-03-30
Priority: P4 · 17 · medium · CVSS 2.0: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.00% (58.6th percentile)
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
CVSS provenance
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N
osv · 5.0 MEDIUM
GHSA
MoinMoin improper access control on the included page for the rst parser
ghsa·2022-05-17
CVE-2008-6548 [MEDIUM] CWE-862 MoinMoin improper access control on the included page for the rst parser
OSV
MoinMoin improper access control on the included page for the rst parser
osv·2022-05-17
CVE-2008-6548 [MEDIUM] MoinMoin improper access control on the included page for the rst parser
OSV
CVE-2008-6548: The rst parser (parser/text_rst
osv·2009-03-30·CVSS 5.0
CVE-2008-6548 [MEDIUM] CVE-2008-6548: The rst parser (parser/text_rst
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Improper Authorization
mitre_cwe
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Background: An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement ACLs in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: "No access", "Read access", "Change access", and "Full control". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their
CWE
Missing Authorization
mitre_cwe
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Background: An access control list (ACL) represents who/what has permissions to a given object. Different operating systems implement ACLs in different ways. In UNIX, there are three types of permissions: read, write, and execute. Users are divided into three classes for file access: owner, group owner, and all other users where each class has a separate set of rights. In Windows NT, there are four basic types of permissions for files: "No access", "Read access", "Change access", and "Full control". Windows NT extends the concept of three types of users in UNIX to include a list of users and groups along with their associated permissions.
Published: 2009-03-30