CVE-2012-6080
Published 2013-01-03
Priority: P338 · medium · 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS: 4.02% (89.3th percentile)
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
| moinmo | moinmoin | — | — |
OSV
MoinMoin Directory Traversal vulnerability
osv·2022-05-17
CVE-2012-6080 [MEDIUM] MoinMoin Directory Traversal vulnerability
Directory traversal vulnerability in the `_do_attachment_move` function in the AttachFile action (`action/AttachFile.py`) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a `..` (dot dot) in a file name.
GHSA
MoinMoin Directory Traversal vulnerability
ghsa·2022-05-17
CVE-2012-6080 [MEDIUM] CWE-22 MoinMoin Directory Traversal vulnerability
Directory traversal vulnerability in the `_do_attachment_move` function in the AttachFile action (`action/AttachFile.py`) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a `..` (dot dot) in a file name.
OSV
CVE-2012-6080: Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile
osv·2013-01-03
Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
No detection rules found.
Bugzilla
CVE-2012-6080 moinmoin: Path traversal vulnerability
bugzilla·2012-12-31·CVSS 6.4
CVE-2012-6080 [MEDIUM] CVE-2012-6080 moinmoin: Path traversal vulnerability
A path traversal issue was found in MoinMoin wiki (version 1.9.3 - 1.9.5). The vulnerability resides in the AttachFile action (function _do_attachment_move in action/AttachFile.py). It fails to properly sanitize file names.
Details can be found at: http://moinmo.in/SecurityFixes
A fix is available at: http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
This issue has been assigned CVE-2012-6080.
Reference:
http://seclists.org/oss-sec/2012/q4/524
Discussion:
Created moin tracking bugs for this issue
Affects: fedora-all [bug 890906]
Affects: epel-5 [bug 890907]
---
(Further) References:
http://www.openwall.com/lists/oss-security/2012/12/30/6
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
http://hg.moinmo.in/moin/1.9/rev/3c27
Bugzilla
CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [epel-5]
bugzilla·2012-12-31·CVSS 6.4
CVE-2012-6081 [MEDIUM] CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
epel-5 tracking
Bugzilla
CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [fedora-all]
bugzilla·2012-12-31·CVSS 6.4
CVE-2012-6081 [MEDIUM] CVE-2012-6081 CVE-2012-6082 CVE-2012-6080 CVE-2012-6495 moin various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this
References:
http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/51663
http://secunia.com/advisories/51676
http://secunia.com/advisories/51696
http://ubuntu.com/usn/usn-1680-1
http://www.debian.org/security/2012/dsa-2593
http://www.openwall.com/lists/oss-security/2012/12/30/6
http://www.securityfocus.com/bid/57076
https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599