6

CVE-2012-4404

EPSS 0.99%
Published 10.09.2012 22:55:05
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Moinmo ≫ Moinmoin Version1.9.0

Moinmo ≫ Moinmoin Version1.9.1

Moinmo ≫ Moinmoin Version1.9.2

Moinmo ≫ Moinmoin Version1.9.3

Moinmo ≫ Moinmoin Version1.9.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.99%	0.762

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P

http://moinmo.in/SecurityFixes

Vendor Advisory

http://secunia.com/advisories/50885

http://www.ubuntu.com/usn/USN-1604-1

http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16

http://secunia.com/advisories/50474

Vendor Advisory

http://secunia.com/advisories/50496

Vendor Advisory

http://www.debian.org/security/2012/dsa-2538

http://www.openwall.com/lists/oss-security/2012/09/04/4

http://www.openwall.com/lists/oss-security/2012/09/05/2

https://nvd.nist.gov/vuln/detail/CVE-2012-4404

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-4404

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-4404

EUVD