Vulnerability Details CVE-2012-4404
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v2 Score 6.0
References
- http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
- http://moinmo.in/SecurityFixes
- http://secunia.com/advisories/50474
- http://secunia.com/advisories/50496
- http://secunia.com/advisories/50885
- http://www.debian.org/security/2012/dsa-2538
- http://www.openwall.com/lists/oss-security/2012/09/04/4
- http://www.openwall.com/lists/oss-security/2012/09/05/2
- http://www.ubuntu.com/usn/USN-1604-1
- http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
- http://moinmo.in/SecurityFixes
- http://secunia.com/advisories/50474
- http://secunia.com/advisories/50496
- http://secunia.com/advisories/50885
- http://www.debian.org/security/2012/dsa-2538
- http://www.openwall.com/lists/oss-security/2012/09/04/4
- http://www.openwall.com/lists/oss-security/2012/09/05/2
- http://www.ubuntu.com/usn/USN-1604-1
Products affected by CVE-2012-4404
-
cpe:2.3:a:moinmo:moinmoin:1.9.0
-
cpe:2.3:a:moinmo:moinmoin:1.9.1
-
cpe:2.3:a:moinmo:moinmoin:1.9.2
-
cpe:2.3:a:moinmo:moinmoin:1.9.3
-
cpe:2.3:a:moinmo:moinmoin:1.9.4