PT-2009-2018 · Moinmoin · Moinmoin
Published 2009-03-30 · Updated 2024-02-02 · CVE-2008-6548
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
MoinMoin version 1.6.1
Description
The issue concerns the rst parser in MoinMoin, which fails to check the ACL of an included page. This allows attackers to read unauthorized include files via unknown vectors.
Recommendations
For MoinMoin version 1.6.1, consider restricting access to the parser/text_rst.py module to minimize the risk of exploitation until a patch is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Moinmoin