CVE-2012-4404 – moin

Package

Manager: pip
Name: moin
Vulnerable Version: >=1.9 <1.9.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01314 pctl0.79057

Details

MoinMoin Improper Access Control `security/__init__.py` in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

Metadata

Created: 2022-05-17T05:11:14Z
Modified: 2024-09-26T15:02:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g4mx-rm5q-vh24/GHSA-g4mx-rm5q-vh24.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-g4mx-rm5q-vh24
Finding: F039
Auto approve: 1