CVE-2012-4404

EUVD-2012-0017
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
Affected Products (NVD)
VendorProductVersion
moinmomoinmoin
1.9.0
moinmomoinmoin
1.9.1
moinmomoinmoin
1.9.2
moinmomoinmoin
1.9.3
moinmomoinmoin
1.9.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
moin
hardy
ignored
lucid
Fixed 1.9.2-2ubuntu3.2
released
natty
Fixed 1.9.3-1ubuntu1.11.04.1
released
oneiric
Fixed 1.9.3-1ubuntu1.11.10.1
released
precise
Fixed 1.9.3-1ubuntu2.1
released
Common Weakness Enumeration
References
http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/50474
http://secunia.com/advisories/50496
http://secunia.com/advisories/50885
http://www.debian.org/security/2012/dsa-2538
http://www.openwall.com/lists/oss-security/2012/09/04/4
http://www.openwall.com/lists/oss-security/2012/09/05/2
http://www.ubuntu.com/usn/USN-1604-1
http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/50474
http://secunia.com/advisories/50496
http://secunia.com/advisories/50885
http://www.debian.org/security/2012/dsa-2538
http://www.openwall.com/lists/oss-security/2012/09/04/4
http://www.openwall.com/lists/oss-security/2012/09/05/2
http://www.ubuntu.com/usn/USN-1604-1