{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-09-03T00:00:00", "descriptions": [{"lang": "en", "value": "security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" which allows remote authenticated users with virtual group membership to be treated as a member of the group."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-10-30T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "USN-1604-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1604-1"}, {"name": "50496", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50496"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "DSA-2538", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2538"}, {"name": "[oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4"}, {"name": "50885", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50885"}, {"name": "50474", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/50474"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16"}, {"name": "[oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:35:09.512Z"}, "title": "CVE Program Container", "references": [{"name": "USN-1604-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1604-1"}, {"name": "50496", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50496"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/SecurityFixes"}, {"name": "DSA-2538", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2538"}, {"name": "[oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4"}, {"name": "50885", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50885"}, {"name": "50474", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/50474"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16"}, {"name": "[oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-4404", "datePublished": "2012-09-10T22:00:00", "dateReserved": "2012-08-21T00:00:00", "dateUpdated": "2024-08-06T20:35:09.512Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" which allows remote authenticated users with virtual group membership to be treated as a member of the group."}, {"lang": "es", "value": "security/__init__.py en MoinMoin v1.9 hasta v1.9.4 no trata correctamente los nombres de los grupos que contienen nombres de grupos virtuales tales como \"All\", \"Known\", o \"Trusted\", lo que permite ser tratados como miembros del grupo no-virtual a usuarios remotos autenticados que pertenezcan a un grupo virtual.\r\n"}], "id": "CVE-2012-4404", "lastModified": "2013-04-19T03:24:59.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-09-10T22:55:05.197", "references": [{"source": "secalert@redhat.com", "url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50474"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/50496"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/50885"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2538"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/09/04/4"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/09/05/2"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1604-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}