PT-2020-5774 · Moinmoin+2
Michael Chapman · Published 2020-11-01 · Updated 2020-11-24
CVE-2020-25074
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
MoinMoin versions 1.9.10 and earlier
Description:
The cache action in action/cache.py allows directory traversal through a crafted HTTP request. The flaw can be exploited by an attacker who is able to upload attachments to the wiki, and potentially leads to remote code execution, which in turn gives access to confidential data, allows it to be modified, and makes a denial of service possible. Note that although the vector rates the flaw as requiring no privileges (PR:N), triggering it depends on attachment upload rights: on wikis where anonymous or self-registered users may write, this is effectively unauthenticated, while on wikis that grant write access only to trusted users the practical exposure is lower.
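To make the bug class concrete, the following is an added illustration written for this page, not MoinMoin's code and not the fixed action/cache.py: a request-supplied cache key is joined onto a cache directory first in the naive way that enables traversal, then with the checks a hardened resolver needs. The directory name, key names and function names are all invented for the example.

```python
import posixpath

# Constructed example (not MoinMoin's code): two ways of mapping a request-
# supplied cache key onto a file under a cache directory. The directory and
# the keys are invented for illustration.
CACHE_ROOT = "/var/lib/wiki/cache"


class TraversalError(ValueError):
    """Raised when a key would resolve outside the cache directory."""


def unsafe_cache_path(key: str, root: str = CACHE_ROOT) -> str:
    """Vulnerable pattern: trust the key and join it onto the root.

    normpath collapses '..' components, so a key such as
    '../../../../etc/passwd' resolves to a file outside root, and an
    absolute key replaces root entirely.
    """
    return posixpath.normpath(posixpath.join(root, key))


def safe_cache_path(key: str, root: str = CACHE_ROOT) -> str:
    """Hardened pattern: validate the key, then confirm the resolved path
    still lies under root.

    Assumes the key has already been URL-decoded exactly once by the web
    framework, so '%2e%2e' has become '..' before it reaches this point.
    """
    if not key or "\0" in key:
        raise TraversalError("empty or NUL-containing key")
    # Treat backslashes as separators so a Windows host cannot be tricked.
    norm = key.replace("\\", "/")
    if norm.startswith("/"):
        raise TraversalError("absolute key: %r" % key)
    # Reject '.', '..' and empty components outright instead of relying on
    # normalisation to render them harmless.
    if any(part in ("", ".", "..") for part in norm.split("/")):
        raise TraversalError("bad path component in %r" % key)
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, norm))
    # Defence in depth: prove the result is inside root. The trailing
    # separator stops '/var/lib/wiki/cache2' passing as a prefix match.
    if not candidate.startswith(root.rstrip("/") + "/"):
        raise TraversalError("%r escapes %r" % (key, root))
    return candidate


def resolves_outside_root(key: str, root: str = CACHE_ROOT) -> bool:
    """True if the unsafe resolver would hand back a path outside root."""
    resolved = unsafe_cache_path(key, root)
    root = posixpath.normpath(root)
    return not resolved.startswith(root.rstrip("/") + "/")


if __name__ == "__main__":
    for key in ("thumbs/page1.png", "../../../../etc/passwd", "/etc/passwd"):
        print("unsafe", repr(key), "->", unsafe_cache_path(key))
        try:
            print("safe  ", repr(key), "->", safe_cache_path(key))
        except TraversalError as exc:
            print("safe  ", repr(key), "-> rejected:", exc)
```

The checks are purely lexical so that the example runs without a filesystem; a resolver used on a real server should additionally pass the candidate through os.path.realpath before the containment check, so that a symlink inside the cache directory cannot point the result back outside it.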
Recommendations:
For MoinMoin versions 1.9.10 and earlier: upgrade to a patched version, such as MoinMoin Wiki 1.9.11, which contains the fix.
As a temporary workaround, disable the cache action or the AttachFile action (for example by adding them to the actions_excluded list in wikiconfig.py) so that the vulnerable code path cannot be reached.
Restrict write permissions, which include uploading attachments, to trusted users only (for example through acl_rights_default and per-page ACLs), since the flaw can only be triggered by someone who is able to upload attachments.
Fix · RCE · Path traversal
Affected Products
Moinmoin
Suse
Ubuntu