CVE-2020-25074
published 2020-11-10CVE-2020-25074: The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload…
PriorityP262critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
6.12%
92.5th percentile
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| moinmo | moinmoin | <= 1.9.10 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability exists in the cache action handler within action/cache.py in MoinMoin through 1.9.10; monitor for directory traversal patterns in requests targeting this endpoint ↗
- →Attack vector requires the ability to upload attachments to the wiki; monitor for attachment uploads followed by unusual cache action requests as a combined attack chain indicator ↗
- ·Affected versions are MoinMoin through 1.9.10; only instances exposing attachment upload functionality to untrusted users are exploitable ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv5.4MEDIUM
vendor_ubuntu8.7HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
moin vulnerabilities
osv·2020-11-11·CVSS 5.4
CVE-2020-25074 [MEDIUM] moin vulnerabilities
moin vulnerabilities
Michael Chapman discovered that MoinMoin incorrectly handled certain cache actions.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-25074)
Catarina Leite discovered that MoinMoin incorrectly handled certain SVG files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-15275)
OSV
MoinMoin vulnerable to remote code execution via cache action
osv·2020-11-11
CVE-2020-25074 [HIGH] MoinMoin vulnerable to remote code execution via cache action
MoinMoin vulnerable to remote code execution via cache action
### Impact
The cache action in action/cache.py allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
### Patches
Users are strongly advised to upgrade to a patched version.
MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
### Workarounds
It is not advised to work around this, but to upgrade MoinMoin to a patched version.
That said, a work around via disabling the `cache` or the `AttachFile` action might be possible.
Also, it is of course helpful if you give `write` permissions (which include uploading attachments) only to trusted users.
### Credits
This vulnerability was discovered b
GHSA
MoinMoin vulnerable to remote code execution via cache action
ghsa·2020-11-11
CVE-2020-25074 [HIGH] CWE-22 MoinMoin vulnerable to remote code execution via cache action
MoinMoin vulnerable to remote code execution via cache action
### Impact
The cache action in action/cache.py allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
### Patches
Users are strongly advised to upgrade to a patched version.
MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
### Workarounds
It is not advised to work around this, but to upgrade MoinMoin to a patched version.
That said, a work around via disabling the `cache` or the `AttachFile` action might be possible.
Also, it is of course helpful if you give `write` permissions (which include uploading attachments) only to trusted users.
### Credits
This vulnerability was discovered b
OSV
CVE-2020-25074: The cache action in action/cache
osv·2020-11-10
CVE-2020-25074 CVE-2020-25074: The cache action in action/cache
The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
Ubuntu
MoinMoin vulnerabilities
vendor_ubuntu·2020-11-11·CVSS 8.7
CVE-2020-25074 [HIGH] MoinMoin vulnerabilities
Title: MoinMoin vulnerabilities
Summary: Several security issues were fixed in MoinMoin.
Michael Chapman discovered that MoinMoin incorrectly handled certain cache actions.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-25074)
Catarina Leite discovered that MoinMoin incorrectly handled certain SVG files.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-15275)
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://moinmo.in/SecurityFixeshttps://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghqhttps://lists.debian.org/debian-lts-announce/2020/11/msg00020.htmlhttps://www.debian.org/security/2020/dsa-4787http://moinmo.in/SecurityFixeshttps://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghqhttps://lists.debian.org/debian-lts-announce/2020/11/msg00020.htmlhttps://www.debian.org/security/2020/dsa-4787
2020-11-10
Published