CVE-2010-0668
Published 2010-02-26
CVE-2010-0668: Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to…
Priority P4 · 26 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 2.18% (80.1th percentile)
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
CVSS provenance
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_redhat · 6.8 MEDIUM
vendor_ubuntu · 6.8 MEDIUM
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2010-03-11·CVSS 6.8
It was discovered that several wiki actions and preference settings in
MoinMoin were not protected from cross-site request forgery (CSRF). If an
authenticated user were tricked into visiting a malicious website while
logged into MoinMoin, a remote attacker could change the user's
configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)
It was discovered that MoinMoin did not properly sanitize its input when
processing user preferences. An attacker could enter malicious content
which when viewed by a user, could render in unexpected ways.
(CVE-2010-0669)
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
Moin: Security fixes in v1.8.7, v1.9.2
vendor_redhat·2010-02-01·CVSS 6.8
OSV
MoinMoin has multiple vulnerabilities related to superuser list, xmlrpc and OpenID configuration
osv·2022-05-02
GHSA
MoinMoin has multiple vulnerabilities related to superuser list, xmlrpc and OpenID configuration
ghsa·2022-05-02
OSV
CVE-2010-0668: Unspecified vulnerability in MoinMoin 1
osv·2010-02-26
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-2487 moin: Multiple XSS issues
bugzilla·2010-06-07·CVSS 4.3
A possible reflected cross-site scripting attack was discovered in Moin [1]. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities, due to a vulnerable template parameter. The upstream bug report links to patches to correct the flaw.
[1] http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg
Discussion:
Created moin tracking bugs for this issue
Affects: fedora-all [bug 601400]
---
moin-1.8.8-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc12
---
moin-1.8.8-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/moin-1.8.8-1.fc11
---
mo
Bugzilla
CVE-2010-0668 CVE-2010-0669 CVE-2010-0717 Moin: Security fixes in v1.8.7, v1.9.2
bugzilla·2010-02-15·CVSS 6.8
Multiple security issues have been reported in Moin:
[1] http://moinmo.in/SecurityFixes
[2] http://secunia.com/advisories/38444/
Upstream Moin v1.8.7 version was released:
[3] http://moinmo.in/
Addressing "major security issues in miscellaneous
parts of moin.":
[4] http://moinmo.in/MoinMoinRelease1.8
[5] http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
CVE Request:
[6] http://www.openwall.com/lists/oss-security/2010/02/15/2
Other references:
[7] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
As mentioned in [7]:
" 2) it's not just a single patch,
it is quite much, you don't want to apply them
manually. if you need it now, do a repo checkout
and you'll have 1.9.2pre kind of"
Discussion:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html
http://marc.info/?l=oss-security&m=126625972814888&w=2
http://marc.info/?l=oss-security&m=126676896601156&w=2
http://moinmo.in/MoinMoinRelease1.8
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/38444
http://secunia.com/advisories/38709
http://secunia.com/advisories/38903
http://www.debian.org/security/2010/dsa-2014
http://www.openwall.com/lists/oss-security/2010/02/15/2
http://www.osvdb.org/62043
http://www.securityfocus.com/bid/38023
http://www.vupen.com/english/advisories/2010/0266
http://www.vupen.com/english/advisories/2010/0600
https://bugzilla.redhat.com/show_bug.cgi?id=565604
https://exchange.xforce.ibmcloud.com/vulnerabilities/56002