CVE-2009-4762 – moin
Package
Manager: pip
Name: moin
Vulnerable Version: >=1.7.0 <1.7.3 || >=1.8.0 <1.8.3
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0037 (percentile: 0.58041)
Details
MoinMoin Improper Access Control vulnerability
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
Metadata
Created: 2022-05-02T03:57:54Z
Modified: 2024-10-01T19:26:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jj23-fj2v-m872/GHSA-jj23-fj2v-m872.json
CWE IDs: CWE-284
Alternative ID: GHSA-jj23-fj2v-m872
Finding: F039
Auto approve: 1