Permissions, Privileges, and Access Controls in MoinMoin - CVE-2012-4404

 


Published: September 11, 2012 / Updated: July 28, 2020


Vulnerability identifier: #VU32754
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-4404
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: MoinMoin
Affected software:
MoinMoin

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
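
The failure mode described above, as an added illustration: this is a simplified model written for this page, not MoinMoin's code. It contrasts a membership check that accepts a virtual group name found inside a group's name with one that accepts it only in the group's member list, and lists group names worth reviewing. The user dictionaries, group names and function names are constructed assumptions.

```python
"""Simplified model of the flaw described above; not MoinMoin's code."""

VIRTUAL_GROUPS = ("All", "Known", "Trusted")  # names quoted in the advisory


def virtual_memberships(user):
    """Virtual groups held by a user (assumed user model: dict with flags)."""
    held = {"All"}
    if user.get("known"):
        held.add("Known")
    if user.get("trusted"):
        held.add("Trusted")
    return held


def is_member_strict(user, group_name, groups):
    """A virtual name counts only when it is listed as a member of the group."""
    members = groups.get(group_name, ())
    return user["name"] in members or any(
        v in members for v in virtual_memberships(user))


def is_member_flawed(user, group_name, groups):
    """Flawed: a virtual name found inside the group's *name* also counts."""
    return is_member_strict(user, group_name, groups) or any(
        v in group_name for v in virtual_memberships(user))


def risky_group_names(group_names):
    """Audit helper: group names that embed a virtual group name."""
    return sorted(g for g in group_names if g not in VIRTUAL_GROUPS
                  and any(v in g for v in VIRTUAL_GROUPS))


# Constructed sample data, not taken from any real wiki.
GROUPS = {
    "AllowedEditorsGroup": ["AliceAdmin"],
    "TrustedAdminsGroup": ["AliceAdmin"],
    "StaffGroup": ["AliceAdmin", "Known"],
    "ReviewGroup": ["BobReviewer"],
}
MALLORY = {"name": "MalloryUser", "known": True, "trusted": False}

if __name__ == "__main__":
    for name in GROUPS:
        print(name, is_member_flawed(MALLORY, name, GROUPS),
              is_member_strict(MALLORY, name, GROUPS))
    print("review:", risky_group_names(GROUPS))
```

Groups reported by `risky_group_names` are the ones whose ACL entries deserve review on an unpatched 1.9 through 1.9.4 installation.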


How to mitigate CVE-2012-4404

Install update from vendor's website.
