CVE-2009-4762

EUVD-2010-0003
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
moinmomoinmoin
1.7.0
moinmomoinmoin
1.7.1
moinmomoinmoin
1.7.2
moinmomoinmoin
1.8.0
moinmomoinmoin
1.8.1
moinmomoinmoin
1.8.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moin
dapper
not-affected
hardy
not-affected
intrepid
ignored
jaunty
Fixed 1.8.2-2ubuntu2.4
released
karmic
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600
http://www.vupen.com/english/advisories/2010/1208
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600
http://www.vupen.com/english/advisories/2010/1208