Skip to content

MoinMoin Improper Access Control

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated May 1, 2024

Package

pip moin (pip)

Affected versions

>= 1.9, < 1.9.5

Patched versions

1.9.5

Description

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

References

Published by the National Vulnerability Database Sep 10, 2012
Published to the GitHub Advisory Database May 17, 2022
Reviewed May 1, 2024
Last updated May 1, 2024

Severity

Moderate

Weaknesses

CVE ID

CVE-2012-4404

GHSA ID

GHSA-g4mx-rm5q-vh24

Source code

Checking history
See something to contribute? Suggest improvements for this vulnerability.