PT-2012-5378 · Moinmoin · Moinmoin

Raphael Geissert · Published 2012-09-10 · Updated 2022-05-17 · CVE-2012-4404

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: MoinMoin versions 1.9 through 1.9.4

Description: The issue arises from improper handling of group names that contain virtual group names, such as "All", "Known", or "Trusted", in the security/__init__.py module. This allows remote authenticated users with virtual group membership to be treated as a member of the group.

Recommendations: For MoinMoin versions 1.9 through 1.9.4, consider restricting access to the security/__init__.py module until a patch is available. As a temporary workaround, avoid using virtual group names such as "All", "Known", or "Trusted" in group names to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Access Control

Related identifiers

CVE-2012-4404
DSA-2538-1
GHSA-G4MX-RM5Q-VH24
PYSEC-2012-10

Affected products

Moinmoin