OSVDB ID: 85172

Title: MoinMoin Nested Virtual Group ACL Rule Handling Permission Assignment Access Restriction Bypass

Info

Disclosure

Sep 03, 2012

Discovery

Unknown

Dates

Exploit

Sep 03, 2012

Solution

Sep 03, 2012

Description

MoinMoin contains a flaw that is triggered when handling ACL rules for groups containing virtual group. This may allow a remote attacker to have permissions assigned to them incorrectly and bypass access restrictions.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS, Upgrade
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Upgrade to version 1.9.5 or higher (released 2012-09-24), as it has been reported to fix this vulnerability. In addition, the vendor has released a patch for some older versions.

Products

MoinMoin

MoinMoin

1.9.0rc2
1.9.0rc1
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/85172