CVE-2012-4404 - Improper Access Control in MoinMoin

Severity: 6.0 MEDIUM (NVD)
EPSS: 1.0% (top 23.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 10; Latest update May 17

Description

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 6.8 | Impact: 6.4

Affected Packages (1 package)

NVD: moinmo/moinmoin, 5 versions (+4)

Vulnerability Details (3)

OSV: MoinMoin Improper Access Control (2022-05-17)
GHSA: MoinMoin Improper Access Control (2022-05-17)
OSV: CVE-2012-4404: security/__init__ (2012-09-10)

Vendor Advisories (1)

Ubuntu: MoinMoin vulnerabilities (2012-10-11)

Community (3)

Bugzilla: CVE-2012-4404 moin: Improper ACL rules enforcement due to a bug in the way virtual groups were handled previously during ACL evaluation [fedora-all] (2012-09-05)
Bugzilla: CVE-2012-4404 moin: Improper ACL rules enforcement due to a bug in the way virtual groups were handled previously during ACL evaluation (2012-09-05)
Bugzilla: CVE-2012-4404 moin: Improper ACL rules enforcement due to a bug in the way virtual groups were handled previously during ACL evaluation [epel-5] (2012-09-05)