{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-04-30T09:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "ADV-2010-1208", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1208"}, {"name": "DSA-2014", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2014"}, {"name": "39887", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39887"}, {"name": "35277", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35277"}, {"name": "USN-941-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-941-1"}, {"name": "ADV-2010-0600", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes"}, {"name": "ADV-2010-1208", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1208"}, {"name": "DSA-2014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2014"}, {"name": "39887", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39887"}, {"name": "35277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35277"}, {"name": "USN-941-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-941-1"}, {"name": "ADV-2010-0600", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"name": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:17:24.915Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "ADV-2010-1208", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1208"}, {"name": "DSA-2014", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2014"}, {"name": "39887", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39887"}, {"name": "35277", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35277"}, {"name": "USN-941-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-941-1"}, {"name": "ADV-2010-0600", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4762", "datePublished": "2010-03-29T20:00:00.000Z", "dateReserved": "2010-03-29T00:00:00.000Z", "dateUpdated": "2024-08-07T07:17:24.915Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603."}, {"lang": "es", "value": "MoinMoin v1.7.x anteriores a la v1.7.3 y v1.8.x anteriores a la v1.8.3 chequea ACLs (listas de control de acceso) del elemento padre en algunas circunstacias inapropiadas durante el procesado de ACLs jer\u00e1rquicas, lo que permite a atacantes remotos evitar las restricciones de acceso previstas al solicitar un objeto. Es una vulnerabilidad distanta a la CVE-2008-6603."}], "id": "CVE-2009-4762", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-03-29T20:30:00.467", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/39887"}, {"source": "cve@mitre.org", "url": "http://ubuntu.com/usn/usn-941-1"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2014"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35277"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39887"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-941-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2014"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/1208"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}