Vulnerability Description
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moinmo | Moinmoin | 1.9.0 |
Related Weaknesses (CWE)
References
- http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
- http://moinmo.in/SecurityFixesVendor Advisory
- http://secunia.com/advisories/50474Vendor Advisory
- http://secunia.com/advisories/50496Vendor Advisory
- http://secunia.com/advisories/50885
- http://www.debian.org/security/2012/dsa-2538
- http://www.openwall.com/lists/oss-security/2012/09/04/4
- http://www.openwall.com/lists/oss-security/2012/09/05/2
- http://www.ubuntu.com/usn/USN-1604-1
- http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
- http://moinmo.in/SecurityFixesVendor Advisory
- http://secunia.com/advisories/50474Vendor Advisory
- http://secunia.com/advisories/50496Vendor Advisory
- http://secunia.com/advisories/50885
- http://www.debian.org/security/2012/dsa-2538
FAQ
What is CVE-2012-4404?
CVE-2012-4404 is a vulnerability with a CVSS score of 6.0 (MEDIUM). security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users w...
How severe is CVE-2012-4404?
CVE-2012-4404 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4404?
Check the references section above for vendor advisories and patch information. Affected products include: Moinmo Moinmoin.