CVE-2010-0667

MoinMoin 1.9 < 1.9.1 - Exposure of Sensitive Information via sys.argv Array

Title source: llm
STIX 2.1

Description

MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.

References (10)

Core 10
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/02/15/2
Vendor Advisory x_refsource_confirm
http://moinmo.in/SecurityFixes
Various Sources x_refsource_confirm
http://hg.moinmo.in/moin/1.9/rev/04afdde50094
Various Sources x_refsource_confirm
http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=126676896601156&w=2
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/01/21/6
Various Sources x_refsource_confirm
http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
Various Sources x_refsource_confirm
http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=126625972814888&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38242

Scores

EPSS 0.0187
EPSS Percentile 76.9%

Details

CWE
CWE-200
Status published
Products (2)
moinmo/moinmoin 1.9.0
pypi/moin 1.9 - 1.9.1PyPI
Published Feb 26, 2010
Tracked Since Feb 18, 2026