CVE-2009-4762

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
moinmomoinmoin
1.7.0
moinmomoinmoin
1.7.1
moinmomoinmoin
1.7.2
moinmomoinmoin
1.8.0
moinmomoinmoin
1.8.1
moinmomoinmoin
1.8.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moin
lucid
not-affected
karmic
not-affected
jaunty
Fixed 1.8.2-2ubuntu2.4
released
intrepid
ignored
hardy
not-affected
dapper
not-affected
Common Weakness Enumeration
References
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600
http://www.vupen.com/english/advisories/2010/1208
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600
http://www.vupen.com/english/advisories/2010/1208