CVE-2009-4762
First published: Mon Mar 29 2010(Updated: )
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moinmo Moinmoin | =1.8.0 | |
| Moinmo Moinmoin | =1.7.2 | |
| Moinmo Moinmoin | =1.8.1 | |
| Moinmo Moinmoin | =1.7.0 | |
| Moinmo Moinmoin | =1.7.1 | |
| Moinmo Moinmoin | =1.8.2 | |
| pip/moin | >=1.8.0<1.8.3 | 1.8.3 |
| pip/moin | >=1.7.0<1.7.3 | 1.7.3 |
| =1.7.0 | ||
| =1.7.1 | ||
| =1.7.2 | ||
| =1.8.0 | ||
| =1.8.1 | ||
| =1.8.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/0600
- http://moinmo.in/SecurityFixes
- http://www.debian.org/security/2010/dsa-2014
- http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
- http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
- http://www.securityfocus.com/bid/35277
- http://secunia.com/advisories/39887
- http://www.vupen.com/english/advisories/2010/1208
- http://ubuntu.com/usn/usn-941-1
- https://nvd.nist.gov/vuln/detail/CVE-2009-4762
- https://web.archive.org/web/20140805132556/http://secunia.com/advisories/39887
- https://web.archive.org/web/20200228153929/http://www.securityfocus.com/bid/35277
- https://github.com/advisories/GHSA-jj23-fj2v-m872 (Advisory)
- https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-13.yaml
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/remedy
- agent/references
- agent/weakness
- agent/severity
- agent/description
- agent/author
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/github-advisory
- source/GitHub
- alias/GHSA-jj23-fj2v-m872
- alias/CVE-2009-4762
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- collector/github-advisory-latest
- vendor/moinmo
- canonical/moinmo moinmoin
- version/moinmo moinmoin/1.8.0
- version/moinmo moinmoin/1.7.2
- version/moinmo moinmoin/1.8.1
- version/moinmo moinmoin/1.7.0
- version/moinmo moinmoin/1.7.1
- version/moinmo moinmoin/1.8.2
- package-manager/pip