CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.9%
The cache action in action/cache.py allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to
the wiki can use this to achieve remote code execution.
Users are strongly advised to upgrade to a patched version.
MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
It is not advised to work around this, but to upgrade MoinMoin to a patched version.
That said, a work around via disabling the cache
or the AttachFile
action might be possible.
Also, it is of course helpful if you give write
permissions (which include uploading attachments) only to trusted users.
This vulnerability was discovered by Michael Chapman.
If you have any questions or comments about this advisory, email me at [email protected].
moinmo.in/SecurityFixes
github.com/advisories/GHSA-52q8-877j-gghq
github.com/moinwiki/moin-1.9/commit/6b96a9060069302996b5af47fd4a388fc80172b7
github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
lists.debian.org/debian-lts-announce/2020/11/msg00020.html
nvd.nist.gov/vuln/detail/CVE-2020-25074
pypi.org/project/moin/
www.debian.org/security/2020/dsa-4787
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
86.9%