CVE-2004-1462 - Privilege Escalation vulnerability in MoinMoin
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 13 |
Nessus
NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_1ECF4CA1F7AD11D896C900061BC2AD93.NASL
description: The moinmoin package contains two bugs with ACLs and anonymous users. Both bugs may permit anonymous users to gain access to administrative functions; for example the delete function. There is no known workaround, the vulnerability exists regardless if a site is using ACLs or not.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 38135
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/38135
title: FreeBSD : moinmoin -- ACL group bypass (1ecf4ca1-f7ad-11d8-96c9-00061bc2ad93)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_MOINMOIN_123.NASL
description: The following package needs to be updated: moinmoin
last seen: 2016-09-26
modified: 2011-10-03
plugin id: 14385
published: 2004-08-27
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=14385
title: FreeBSD : moinmoin -- ACL group bypass (115)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200408-25.NASL
description: The remote host is affected by the vulnerability described in GLSA-200408-25 (MoinMoin: Group ACL bypass) MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact : Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14581
published: 2004-08-30
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14581
title: GLSA-200408-25 : MoinMoin: Group ACL bypass