CVE-2020-25074 – moin

Package

Manager: pip
Name: moin
Vulnerable Version: >=0 <1.9.11

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.12807 pctl0.93769

Details

MoinMoin vulnerable to remote code execution via cache action ### Impact The cache action in action/cache.py allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. ### Patches Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. ### Workarounds It is not advised to work around this, but to upgrade MoinMoin to a patched version. That said, a work around via disabling the `cache` or the `AttachFile` action might be possible. Also, it is of course helpful if you give `write` permissions (which include uploading attachments) only to trusted users. ### Credits This vulnerability was discovered by Michael Chapman. ### For more information If you have any questions or comments about this advisory, email me at [twaldmann@thinkmo.de](mailto:twaldmann@thinkmo.de).

Metadata

Created: 2020-11-11T15:54:51Z
Modified: 2024-10-07T14:54:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/11/GHSA-52q8-877j-gghq/GHSA-52q8-877j-gghq.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-52q8-877j-gghq
Finding: F063
Auto approve: 1