CVE-2008-1099 - OpenCVE

_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moinmoin	Moinmoin

Configuration 1 [-]

cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://hg.moinmo.in/moin/1.5/rev/4a7de0173734
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/29262
http://secunia.com/advisories/29444
http://secunia.com/advisories/30031
http://secunia.com/advisories/33755
http://www.debian.org/security/2008/dsa-1514
http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml
http://www.securityfocus.com/bid/28177
https://exchange.xforce.ibmcloud.com/vulnerabilities/41038
https://usn.ubuntu.com/716-1/
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-05T20:00:00

Updated: 2024-08-07T08:08:57.422Z

Reserved: 2008-02-28T00:00:00

Link: CVE-2008-1099

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-05T20:44:00.000

Modified: 2018-10-03T21:53:21.917

Link: CVE-2008-1099

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-25T00:00:00", "descriptions": [{"lang": "en", "value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30031", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30031"}, {"name": "33755", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33755"}, {"name": "GLSA-200803-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"name": "28177", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28177"}, {"name": "29262", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29262"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "moinmoin-macrogetval-information-disclosure(41038)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"}, {"name": "FEDORA-2008-3328", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}, {"name": "FEDORA-2008-3301", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"name": "29444", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29444"}, {"name": "USN-716-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/716-1/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"}, {"name": "DSA-1514", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1514"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1099", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30031", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30031"}, {"name": "33755", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33755"}, {"name": "GLSA-200803-27", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"name": "28177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28177"}, {"name": "29262", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29262"}, {"name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes"}, {"name": "moinmoin-macrogetval-information-disclosure(41038)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"}, {"name": "FEDORA-2008-3328", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}, {"name": "FEDORA-2008-3301", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"name": "29444", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29444"}, {"name": "USN-716-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/716-1/"}, {"name": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"}, {"name": "DSA-1514", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1514"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:08:57.422Z"}, "title": "CVE Program Container", "references": [{"name": "30031", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30031"}, {"name": "33755", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33755"}, {"name": "GLSA-200803-27", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"name": "28177", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28177"}, {"name": "29262", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29262"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "moinmoin-macrogetval-information-disclosure(41038)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"}, {"name": "FEDORA-2008-3328", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}, {"name": "FEDORA-2008-3301", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"name": "29444", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29444"}, {"name": "USN-716-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/716-1/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"}, {"name": "DSA-1514", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1514"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1099", "datePublished": "2008-03-05T20:00:00", "dateReserved": "2008-02-28T00:00:00", "dateUpdated": "2024-08-07T08:08:57.422Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmoin:moinmoin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3A2FDB5-6C57-43E2-AA1B-D083D93C5679", "versionEndIncluding": "1.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages."}, {"lang": "es", "value": "_macro_Getval en wikimacro.py de MoinMoin 1.5.8 y anteriores no hace cumplir correctamente ACLs, lo que permite a atacantes remotos leer p\u00e1ginas protegidas."}], "id": "CVE-2008-1099", "lastModified": "2018-10-03T21:53:21.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-05T20:44:00.000", "references": [{"source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.5/rev/4a7de0173734"}, {"source": "cve@mitre.org", "url": "http://moinmo.in/SecurityFixes"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29262"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29444"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30031"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33755"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1514"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200803-27.xml"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28177"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41038"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/716-1/"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00510.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00538.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}