CVE-2009-4762

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2	Patch
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2	Patch
http://moinmo.in/SecurityFixes	Vendor Advisory
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1208

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moinmo:moinmoin:1.7.0:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.7.1:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.7.2:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.8.0:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.8.1:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.8.2:::::::*

History

No history.

Information

Published : 2010-03-29 20:30

Updated : 2023-12-10 11:03

NVD link : CVE-2009-4762

Mitre link : CVE-2009-4762

CVE.ORG link : CVE-2009-4762

JSON object : View

Products Affected

moinmo

moinmoin

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-4762", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-03-29T20:30:00.467", "references": [{"url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://moinmo.in/SecurityFixes", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/39887", "source": "cve@mitre.org"}, {"url": "http://ubuntu.com/usn/usn-941-1", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2010/dsa-2014", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35277", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0600", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/1208", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603."}, {"lang": "es", "value": "MoinMoin v1.7.x anteriores a la v1.7.3 y v1.8.x anteriores a la v1.8.3 chequea ACLs (listas de control de acceso) del elemento padre en algunas circunstacias inapropiadas durante el procesado de ACLs jer\u00e1rquicas, lo que permite a atacantes remotos evitar las restricciones de acceso previstas al solicitar un objeto. Es una vulnerabilidad distanta a la CVE-2008-6603."}], "lastModified": "2010-05-27T05:47:01.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}