CVE-2012-4404
Published Sep 10, 2012
Last updated 12 years ago
Overview
- Description
- security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6
- Impact score
- 6.4
- Exploitability score
- 6.8
- Vector string
- AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE"
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD"
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28"
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9"
},
{
"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3"
}
],
"operator": "OR"
}
]
}
]