CVE-2009-4762

High

Description

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

References

http://www.vupen.com/english/advisories/2010/1208

http://www.vupen.com/english/advisories/2010/0600

http://www.securityfocus.com/bid/35277

http://www.debian.org/security/2010/dsa-2014

http://ubuntu.com/usn/usn-941-1

http://secunia.com/advisories/39887

http://moinmo.in/SecurityFixes

http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2

http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2

Details

Source: Mitre, NVD

Published: 2010-03-29

Updated: 2010-05-27

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High