Moinmoin · Moinmoin · CVE-2020-25074
Name of the Vulnerable Software and Affected Versions:
MoinMoin versions 1.9.10 and earlier
Description:
The issue is in the cache action (action/cache.py), which allows directory traversal through a crafted HTTP request. It can be exploited by an attacker who is able to upload attachments to the wiki, potentially leading to remote code execution. A successful attacker can read confidential data, compromise data integrity, and cause a denial of service.
Recommendations:
For MoinMoin versions 1.9.10 and earlier: Upgrade to a patched version, such as MoinMoin Wiki 1.9.11, which contains the necessary fixes.
As a temporary workaround, consider disabling the `cache` action or the `AttachFile` action to reduce the risk of exploitation.
Restrict `write` permissions, which include uploading attachments, to only trusted users.
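As an added example (not MoinMoin's code and not the upstream fix), this shows the kind of containment check that keeps a request-supplied cache key from selecting a file outside the cache directory, the defect class described above. The function names and the cache directory are hypothetical.

```python
import os
import re

# Constructed example: confining a cache lookup to its directory. This is not
# MoinMoin's code; the names and the cache directory are hypothetical.

# Cache keys are expected to be hash-like names; accept only a conservative
# character set so a key can never carry a path separator.
_KEY_RE = re.compile(r"^[A-Za-z0-9_.-]{1,128}$")


class UnsafeCacheKey(ValueError):
    """Raised when a requested cache key would escape the cache directory."""


def safe_cache_path(cache_dir, key):
    """Return the on-disk path for `key`, or raise UnsafeCacheKey.

    Two independent checks: a syntactic allow-list on the key, and a
    filesystem-level containment check after resolving ".." and symlinks.
    """
    if not _KEY_RE.match(key) or key in (".", ".."):
        raise UnsafeCacheKey("key contains characters outside the allow-list")
    base = os.path.realpath(cache_dir)
    candidate = os.path.realpath(os.path.join(base, key))
    # realpath() resolves "..", symlinks and absolute paths; the result must
    # still sit inside the cache directory, not merely share a prefix with it.
    if os.path.commonpath([base, candidate]) != base or candidate == base:
        raise UnsafeCacheKey("key resolves outside the cache directory")
    return candidate


def is_safe_cache_key(cache_dir, key):
    """Boolean wrapper, handy for request filtering and for tests."""
    try:
        safe_cache_path(cache_dir, key)
    except UnsafeCacheKey:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: one valid key and three traversal attempts.
    for k in ("a1b2c3", "../../wikiconfig.py", "/etc/passwd", ".."):
        print(k, "->", is_safe_cache_key("/var/cache/moin", k))
```

The allow-list alone would already reject the traversal inputs here; the realpath/commonpath check is the second layer that still holds if the allow-list is later loosened.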