CVE-2009-4762
Published 2010-03-29
CVE-2009-4762: MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which…
Priority P339 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS 3.00% · 85.7th percentile
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
ghsa · 6.8 MEDIUM
osv · 6.8 MEDIUM
OSV
MoinMoin Improper Access Control vulnerability
osv·2022-05-02·CVSS 6.8
CVE-2009-4762 [MEDIUM] MoinMoin Improper Access Control vulnerability
GHSA
MoinMoin Improper Access Control vulnerability
ghsa·2022-05-02·CVSS 6.8
CVE-2009-4762 [MEDIUM] CWE-284 MoinMoin Improper Access Control vulnerability
OSV
CVE-2009-4762: MoinMoin 1
osv·2010-03-29·CVSS 6.8
CVE-2009-4762 [MEDIUM] CVE-2009-4762: MoinMoin 1
Ubuntu
MoinMoin vulnerability
vendor_ubuntu·2010-05-20
CVE-2009-4762 MoinMoin vulnerability
Title: MoinMoin vulnerability
It was discovered that MoinMoin incorrectly handled hierarchical access control lists. Users could bypass intended access controls under certain circumstances.
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600
http://www.vupen.com/english/advisories/2010/1208
Published 2010-03-29