GHSA-jj23-fj2v-m872
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jj23-fj2v-m872
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jj23-fj2v-m872/GHSA-jj23-fj2v-m872.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-jj23-fj2v-m872
- Aliases
- Published
- 2022-05-02T03:57:54Z
- Modified
- 2024-10-01T19:26:08Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- MoinMoin Improper Access Control vulnerability
- Details
-
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
- Database specific
{ "nvd_published_at": "2010-03-29T20:30:00Z", "severity": "HIGH", "cwe_ids": [ "CWE-284" ], "github_reviewed_at": "2024-04-29T14:41:13Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2009-4762
- https://github.com/moinwiki/moin
- https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-13.yaml
- https://web.archive.org/web/20140805132556/http://secunia.com/advisories/39887
- https://web.archive.org/web/20200228153929/http://www.securityfocus.com/bid/35277
- http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
- http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
- http://moinmo.in/SecurityFixes
- http://ubuntu.com/usn/usn-941-1
- http://www.debian.org/security/2010/dsa-2014
Affected packages
PyPI / moin
Package
- Name
- moin
- View open source insights on deps.dev
- Purl
- pkg:pypi/moin
PyPI / moin
Package
- Name
- moin
- View open source insights on deps.dev
- Purl
- pkg:pypi/moin