CVE-2009-4762 - OpenCVE

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moinmo	Moinmoin

Configuration 1 [-]

OR	cpe:2.3:a:moinmo:moinmoin:1.7.0:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.7.1:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.7.2:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.8.0:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.8.1:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.8.2:::::::*

No data.

References

Link	Providers
http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/39887
http://ubuntu.com/usn/usn-941-1
http://www.debian.org/security/2010/dsa-2014
http://www.securityfocus.com/bid/35277
http://www.vupen.com/english/advisories/2010/0600
http://www.vupen.com/english/advisories/2010/1208

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-29T20:00:00

Updated: 2024-08-07T07:17:24.915Z

Reserved: 2010-03-29T00:00:00

Link: CVE-2009-4762

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-03-29T20:30:00.467

Modified: 2010-05-27T05:47:01.157

Link: CVE-2009-4762

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-04-30T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "ADV-2010-1208", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1208"}, {"name": "DSA-2014", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2014"}, {"name": "39887", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39887"}, {"name": "35277", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35277"}, {"name": "USN-941-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-941-1"}, {"name": "ADV-2010-0600", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes"}, {"name": "ADV-2010-1208", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1208"}, {"name": "DSA-2014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2014"}, {"name": "39887", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39887"}, {"name": "35277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35277"}, {"name": "USN-941-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-941-1"}, {"name": "ADV-2010-0600", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"name": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:17:24.915Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "ADV-2010-1208", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1208"}, {"name": "DSA-2014", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2014"}, {"name": "39887", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39887"}, {"name": "35277", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35277"}, {"name": "USN-941-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-941-1"}, {"name": "ADV-2010-0600", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4762", "datePublished": "2010-03-29T20:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T07:17:24.915Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "20921AD9-B2A9-417F-B83D-6013CD9F662E", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "DB78616E-55AB-4C8A-874B-7DCF6E755E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2584941F-5FE8-4636-B878-50CC5D4CC258", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "D06004B5-966B-48F5-87B4-7005DBC86D63", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "2C2C741A-220A-454C-8D21-6459DB2D67E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603."}, {"lang": "es", "value": "MoinMoin v1.7.x anteriores a la v1.7.3 y v1.8.x anteriores a la v1.8.3 chequea ACLs (listas de control de acceso) del elemento padre en algunas circunstacias inapropiadas durante el procesado de ACLs jer\u00e1rquicas, lo que permite a atacantes remotos evitar las restricciones de acceso previstas al solicitar un objeto. Es una vulnerabilidad distanta a la CVE-2008-6603."}], "id": "CVE-2009-4762", "lastModified": "2010-05-27T05:47:01.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-03-29T20:30:00.467", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/39887"}, {"source": "cve@mitre.org", "url": "http://ubuntu.com/usn/usn-941-1"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2010/dsa-2014"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35277"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0600"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1208"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}