PYSEC-2009-13

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-13.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2009-13

Aliases

CVE-2008-6603
GHSA-wc8w-gh5m-62fv

Published

2009-04-03T18:30:00Z

Modified

2024-11-25T22:42:21.318319Z

Summary

[none]

Details

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.

References

http://osvdb.org/48875
http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26
http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter
http://www.vupen.com/english/advisories/2008/1307
http://hg.moinmo.in/moin/1.7/rev/88356b3f849a
http://moinmo.in/SecurityFixes
http://www.securityfocus.com/bid/34655
https://exchange.xforce.ibmcloud.com/vulnerabilities/41911

Affected packages

PyPI / moin

Package

Name: moin; View open source insights on deps.dev
Purl: pkg:pypi/moin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.3

PYSEC-2009-13

Affected packages

PyPI / moin

Package

Affected ranges

PyPI / moin

Package

Affected ranges

Affected versions

1.*