CVE-2009-4762
HIGH 7.5 | EPSS 0.60%
MoinMoin Improper Access Control vulnerability
Published: 2022/5/2 | Modified: 2024/6/4
Description
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
Affected packages (3)
- Debian/moin: from 0, < 1.9.2-1
- PyPI/moin: >= 1.7.0, < 1.7.3
- PyPI/moin: >= 1.7, < 1.7.3, >= 1.8, < 1.8.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Reference links (14)
- ADVISORY: http://secunia.com/advisories/39887
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2009-4762
- ADVISORY: http://www.vupen.com/english/advisories/2010/0600
- ADVISORY: http://www.vupen.com/english/advisories/2010/1208
- PATCH: https://github.com/moinwiki/moin
- WEB: http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
- WEB: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
- WEB: http://moinmo.in/SecurityFixes
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-13.yaml
- WEB: https://web.archive.org/web/20140805132556/http://secunia.com/advisories/39887
- WEB: https://web.archive.org/web/20200228153929/http://www.securityfocus.com/bid/35277
- WEB: http://ubuntu.com/usn/usn-941-1
- WEB: http://www.debian.org/security/2010/dsa-2014
- WEB: http://www.securityfocus.com/bid/35277