Your submission was sent successfully! Close

CVE-2012-6080

Published: 29 December 2012

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

Priority

Medium

Status

Package Release Status
moin
Launchpad, Ubuntu, Debian 		hardy Ignored
(reached end-of-life)
lucid
Released (1.9.2-2ubuntu3.3)
oneiric
Released (1.9.3-1ubuntu1.11.10.2)
precise
Released (1.9.3-1ubuntu2.2)
quantal
Released (1.9.3-1ubuntu3.1)
upstream
Released (1.9.6)

Notes

AuthorNote
jdstrand 
CVE not assigned yet

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading