ghsa-jhxw-4hw4-mhh7
Vulnerability from github
Published
2022-05-17 05:52
Modified
2024-04-22 18:53
Summary
MoinMoin improper access control on the included page for the rst parser
Details
The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "moin" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.6.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2008-6548" ], "database_specific": { "cwe_ids": [ "CWE-862" ], "github_reviewed": true, "github_reviewed_at": "2024-04-22T18:53:10Z", "nvd_published_at": "2009-03-30T01:30:00Z", "severity": "MODERATE" }, "details": "The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.", "id": "GHSA-jhxw-4hw4-mhh7", "modified": "2024-04-22T18:53:11Z", "published": "2022-05-17T05:52:47Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-6548" }, { "type": "PACKAGE", "url": "https://github.com/moinwiki/moin" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2009-11.yaml" }, { "type": "WEB", "url": "https://web.archive.org/web/20080523123729/http://hg.moinmo.in/moin/1.6/raw-file/1.6.2/docs/CHANGES" }, { "type": "WEB", "url": "https://web.archive.org/web/20211206185024/http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "type": "WEB", "url": "http://hg.moinmo.in/moin/1.6/rev/35ff7a9b1546" }, { "type": "WEB", "url": "http://moinmo.in/SecurityFixes" }, { "type": "WEB", "url": "http://osvdb.org/48877" } ], "schema_version": "1.4.0", "severity": [], "summary": "MoinMoin improper access control on the included page for the rst parser" }
Loading...