PYSEC-2012-10

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2012-10.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2012-10

Aliases

CVE-2012-4404
GHSA-g4mx-rm5q-vh24

Published

2012-09-10T22:55:00Z

Modified

2024-05-01T11:11:21.192346Z

Summary

[none]

Details

security/init.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

References

http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
http://moinmo.in/SecurityFixes
http://www.debian.org/security/2012/dsa-2538
http://secunia.com/advisories/50496
http://www.openwall.com/lists/oss-security/2012/09/05/2
http://www.openwall.com/lists/oss-security/2012/09/04/4
http://secunia.com/advisories/50474
http://www.ubuntu.com/usn/USN-1604-1
http://secunia.com/advisories/50885

Affected packages

PyPI / moin

Package

Name: moin; View open source insights on deps.dev
Purl: pkg:pypi/moin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.9

Fixed

1.9.5

Affected versions

1.*

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4