QwikSec

Security Database

CVE

CWE

Training

CVE-2012-4404

Published: Sep 10, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

http://moinmo.in/SecurityFixes

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16

x_refsource_CONFIRM

[oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.