PYSEC-2012-10

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2012-10.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2012-10
Aliases
Published
2012-09-10T22:55:00Z
Modified
2024-05-01T11:11:21.192346Z
Summary
[none]
Details

security/init.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

References

Affected packages

PyPI / moin

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.9
Fixed
1.9.5

Affected versions

1.*

1.9.0
1.9.1
1.9.2
1.9.3
1.9.4