cbcvebase.
CVE-2012-4404
published 2012-09-10

CVE-2012-4404: security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted,"…

PriorityP427medium6CVSS 2.0
AVNACMAuSCPIPAP
EPSS
2.09%
79.3th percentile
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

Affected

5 ranges
VendorProductVersion rangeFixed in
moinmomoinmoin
moinmomoinmoin
moinmomoinmoin
moinmomoinmoin
moinmomoinmoin

CVSS provenance

nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
vendor_ubuntu2.6LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.