CVE-2008-6603
Published 2009-04-03
Priority: P4 · 30 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.64% (73.4th percentile)
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
CVSS provenance
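| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| ghsa | — | 6.8 | MEDIUM | — |
| osv | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |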
OSV
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
osv·2022-05-17·CVSS 6.8
CVE-2008-6603 [MEDIUM] MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
GHSA
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
ghsa·2022-05-17·CVSS 6.8
CVE-2008-6603 [MEDIUM] CWE-284 MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
OSV
MoinMoin Improper Access Control vulnerability
osv·2022-05-02·CVSS 6.8
CVE-2009-4762 [MEDIUM] MoinMoin Improper Access Control vulnerability
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
GHSA
MoinMoin Improper Access Control vulnerability
ghsa·2022-05-02·CVSS 6.8
CVE-2009-4762 [MEDIUM] CWE-284 MoinMoin Improper Access Control vulnerability
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
OSV
CVE-2009-4762: MoinMoin 1
osv·2010-03-29·CVSS 6.8
CVE-2009-4762 [MEDIUM] CVE-2009-4762: MoinMoin 1
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
OSV
CVE-2008-6603: MoinMoin 1
osv·2009-04-03·CVSS 6.8
CVE-2008-6603 [MEDIUM] CVE-2008-6603: MoinMoin 1
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
Red Hat
moin: incorrect processing of hierarchic ACLs
vendor_redhat·2008-04-12·CVSS 6.8
CVE-2008-6603 [MEDIUM] moin: incorrect processing of hierarchic ACLs
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
No detection rules found.
No public exploits indexed.
References
http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26
http://hg.moinmo.in/moin/1.7/rev/88356b3f849a
http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter
http://moinmo.in/SecurityFixes
http://osvdb.org/48875
http://www.securityfocus.com/bid/34655
http://www.vupen.com/english/advisories/2008/1307
https://exchange.xforce.ibmcloud.com/vulnerabilities/41911
Published: 2009-04-03