Lucene search

GitHub Advisory DatabaseGHSA-5JJR-GMQ3-F986

HistoryMay 02, 2022 - 6:15 a.m.

MoinMoin has improper default configuration

2022-05-0206:15:08

GitHub Advisory Database

github.com

moinmoin

default configuration

vulnerability

unsafe package actions

software

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.006

Percentile

79.6%

JSON

The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.

Affected configurations

Vulners

Node

moinRange<1.8.7

VendorProductVersionCPE
*moin*cpe:2.3:a:*:moin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	moin	*	cpe:2.3:a::moin::::::::*

References

hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES

moinmo.in/MoinMoinRelease1.8

www.debian.org/security/2010/dsa-2014

www.openwall.com/lists/oss-security/2010/02/15/2

www.vupen.com/english/advisories/2010/0600

exchange.xforce.ibmcloud.com/vulnerabilities/56595

github.com/advisories/GHSA-5jjr-gmq3-f986

github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2010-3.yaml

nvd.nist.gov/vuln/detail/CVE-2010-0717

web.archive.org/web/20140807024009/secunia.com/advisories/38903

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.006

Percentile

79.6%

JSON

Related for GHSA-5JJR-GMQ3-F986