Vulnerability Details: CVE-2012-4404
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
Products affected by CVE-2012-4404
- cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-4404
- Probability of exploitation activity in the next 30 days: 0.44%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~71%
CVSS scores for CVE-2012-4404
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.0 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:P | 6.8 | 6.4 | NIST | |
CWE ids for CVE-2012-4404
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-4404
- http://moinmo.in/SecurityFixes
  SecurityFixes - MoinMoin (Vendor Advisory)
- http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
  moin/1.9: 7b9f39289e16
- http://www.debian.org/security/2012/dsa-2538
  Debian -- Security Information -- DSA-2538-1 moin
- http://www.ubuntu.com/usn/USN-1604-1
  USN-1604-1: MoinMoin vulnerabilities | Ubuntu security notices
- http://www.openwall.com/lists/oss-security/2012/09/05/2
  oss-security - Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups
- http://www.openwall.com/lists/oss-security/2012/09/04/4
  oss-security - CVE request: moinmoin incorrect ACL evaluation for virtual groups