CVE-2020-25074
HIGH8.8EPSS 12.8%MoinMoin vulnerable to remote code execution via cache action
描述
### Impact The cache action in action/cache.py allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution. ### Patches Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. ### Workarounds It is not advised to work around this, but to upgrade MoinMoin to a patched version. That said, a work around via disabling the `cache` or the `AttachFile` action might be possible. Also, it is of course helpful if you give `write` permissions (which include uploading attachments) only to trusted users. ### Credits This vulnerability was discovered by Michael Chapman. ### For more information If you have any questions or comments about this advisory, email me at [[email protected]](mailto:[email protected]).
受影響套件(2)
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
參考連結(9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-25074
- PATCHhttps://github.com/moinwiki/moin
- WEBhttp://moinmo.in/SecurityFixes
- WEBhttps://github.com/moinwiki/moin-1.9/commit/6b96a9060069302996b5af47fd4a388fc80172b7
- WEBhttps://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2020-67.yaml
- WEBhttps://lists.debian.org/debian-lts-announce/2020/11/msg00020.html
- WEBhttps://pypi.org/project/moin
- WEBhttps://www.debian.org/security/2020/dsa-4787