PT-2012-5378 · Moinmoin · Moinmoin

Raphael Geissert · Published 2012-09-10 · Updated 2022-05-17 · CVE-2012-4404

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MoinMoin versions 1.9 through 1.9.4

Description

The issue arises from improper handling of group names that contain virtual group names, such as "All," "Known," or "Trusted," in the security/__init__.py module. This allows remote authenticated users with virtual group membership to be treated as a member of such a group.

Recommendations

For MoinMoin versions 1.9 through 1.9.4, consider restricting access to the security/__init__.py module until a patch is available. As a temporary workaround, avoid using virtual group names such as "All," "Known," or "Trusted" in group names to minimize the risk of exploitation.
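
One way to audit a wiki for the workaround above, as an added example that is not MoinMoin code and not part of the original advisory: it collects the names used in `#acl` lines and reports those that embed "All", "Known" or "Trusted". The ACL entry format, space-free names, the case-sensitive reading of "contain" (with an optional case-insensitive mode) and the sample page are assumptions.

```python
import re

# Virtual group names named in the advisory.
VIRTUAL_GROUPS = ("All", "Known", "Trusted")

def embedded_virtual_names(name, ignore_case=False):
    """Return the virtual group names found inside `name` when it is not itself one."""
    if name in VIRTUAL_GROUPS:
        return []  # the virtual group itself is a legitimate ACL entry
    haystack = name.lower() if ignore_case else name
    return [v for v in VIRTUAL_GROUPS
            if (v.lower() if ignore_case else v) in haystack]

def acl_names(page_text):
    """Collect the names used in a page's '#acl' lines.

    Assumption: entries look like 'Name[,Name...]:right[,right...]' with an
    optional +/- prefix, and names contain no spaces.
    """
    names = []
    for line in re.findall(r"^#acl\s+(.*)$", page_text, flags=re.MULTILINE):
        for token in line.split():
            if ":" not in token:
                continue  # bare keyword such as 'Default'
            subjects = token.rsplit(":", 1)[0].lstrip("+-")
            names.extend(n for n in subjects.split(",") if n)
    return names

def audit(page_text, ignore_case=False):
    """Map each risky ACL name to the virtual group names embedded in it."""
    findings = {}
    for name in acl_names(page_text):
        hits = embedded_virtual_names(name, ignore_case)
        if hits:
            findings[name] = hits
    return findings

# Constructed sample page header, not taken from a real wiki.
SAMPLE = """#acl AdminGroup:read,write,delete,revert,admin
#acl TrustedEditorsGroup,SmallGroup:read,write Known:read All:
= Some page =
"""

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(f"{name}: contains virtual group name(s) {', '.join(hits)}")
```

Names reported by the audit are candidates for renaming on affected versions; the case-insensitive mode casts a wider net and will include false positives such as "SmallGroup".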

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2012-4404
DSA-2538-1
GHSA-G4MX-RM5Q-VH24
PYSEC-2012-10

Affected Products

Moinmoin