CVE-2020-25074 — Path Traversal in Moinmoin

CWE-22 — Path Traversal6 documents4 sources
Severity
9.8CRITICALNVD
OSV5.4
EPSS
12.8%
top 5.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Moinmo MoinmoinDebian Linux
Timeline
PublishedNov 10
Latest updateNov 11

Description

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

â–¶NVDmoinmo/moinmoin1.9.10

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

4
OSV
moin vulnerabilities↗2020-11-11
â–¶
OSV
MoinMoin vulnerable to remote code execution via cache action↗2020-11-11
â–¶
GHSA
MoinMoin vulnerable to remote code execution via cache action↗2020-11-11
â–¶
OSV
CVE-2020-25074: The cache action in action/cache↗2020-11-10
â–¶

📋Vendor Advisories

1
Ubuntu
MoinMoin vulnerabilities↗2020-11-11
â–¶
CVE-2020-25074 — Path Traversal in Moinmo Moinmoin | cvebase