GitHub Advisory DatabaseGHSA-574F-MH6M-C6QMMoinMoin has multiple vulnerabilities related to superuser list, xmlrpc and OpenID configuration
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
85.2%
Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.
Affected configurations
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975
hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
lists.fedoraproject.org/pipermail/package-announce/2010-February/035374.html
lists.fedoraproject.org/pipermail/package-announce/2010-February/035438.html
marc.info/?l=oss-security&m=126625972814888&w=2
marc.info/?l=oss-security&m=126676896601156&w=2
moinmo.in/MoinMoinRelease1.8
moinmo.in/SecurityFixes
www.debian.org/security/2010/dsa-2014
www.openwall.com/lists/oss-security/2010/02/15/2
bugzilla.redhat.com/show_bug.cgi?id=565604
exchange.xforce.ibmcloud.com/vulnerabilities/56002
github.com/advisories/GHSA-574f-mh6m-c6qm
github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-15.yaml
nvd.nist.gov/vuln/detail/CVE-2010-0668
web.archive.org/web/20111225112846/secunia.com/advisories/38903
web.archive.org/web/20140725192956/secunia.com/advisories/38709
web.archive.org/web/20140806190238/secunia.com/advisories/38444
web.archive.org/web/20200228174758/www.securityfocus.com/bid/38023
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
85.2%