CVE-2012-4404
Published: 10 September 2012
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
Priority
Status
Package | Release | Status |
---|---|---|
moin Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Released
(1.9.2-2ubuntu3.2)
|
|
natty |
Released
(1.9.3-1ubuntu1.11.04.1)
|
|
oneiric |
Released
(1.9.3-1ubuntu1.11.10.1)
|
|
precise |
Released
(1.9.3-1ubuntu2.1)
|
|
upstream |
Released
(1.9.4-8)
|
|
Patches: upstream: http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16 |