PT-2013-1876 · Moinmoin · Moinmoin

Jamie Strandboge

Published

2013-01-03

Updated

2022-05-17

CVE-2012-6080

CVSS v4.0

6.9

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions MoinMoin versions 1.9.3 through 1.9.5

Description The issue allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name, due to a directory traversal vulnerability in the do attachment move function in the AttachFile action (action/AttachFile.py).

Recommendations For MoinMoin versions 1.9.3 through 1.9.5, consider disabling the do attachment move function in the AttachFile action until a patch is available. Restrict access to the AttachFile action to minimize the risk of exploitation. Avoid using file names containing .. (dot dot) in the affected AttachFile action until the issue is resolved.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2012-6080

DSA-2593-1

GHSA-V33Q-2XCJ-4F3M

PYSEC-2013-5

Affected Products

Moinmoin

PT-2013-1876 · Moinmoin · Moinmoin

CVE-2012-6080

Weakness Enumeration

Related Identifiers

Affected Products

References · 20