CVE-2009-4762

MoinMoin <1.7.3, <1.8.3 - Info Disclosure

Title source: llm

Description

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

References (9)

[Patch] http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2

[Patch] http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2

[Vendor Advisory] http://moinmo.in/SecurityFixes

[Various Sources] http://ubuntu.com/usn/usn-941-1

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/0600

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35277

[Third Party Advisory] http://www.debian.org/security/2010/dsa-2014

[Third Party Advisory] http://secunia.com/advisories/39887

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/1208

Scores

EPSS 0.0037

EPSS Percentile 58.4%

Classification

CWE

CWE-264

Status draft

Affected Products (7)

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

moinmo/moinmoin

pypi/moin < 1.7.3PyPI

Timeline

Published Mar 29, 2010

Tracked Since Feb 18, 2026