Your submission was sent successfully! Close

CVE-2009-4762

Published: 29 March 2010

MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.

Priority

Medium

Status

Package Release Status
moin
Launchpad, Ubuntu, Debian
dapper Not vulnerable
(code not present)
hardy Not vulnerable
(code not present)
intrepid Needed
(reached end-of-life)
jaunty
Released (1.8.2-2ubuntu2.4)
karmic Not vulnerable
(1.8.4-1ubuntu1.1)
lucid Not vulnerable
(1.9.2-2ubuntu2)
upstream
Released (1.7.3, 1.8.3)
Patches:
upstream: http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2
upstream: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2

Notes

AuthorNote
mdeslaur
Hierarchical ACLs were introduced in 1.6.0, so dapper and
hardy don't appear to be vulnerable.

References