Vulnerabilities > CVE-2004-1463 - Unspecified vulnerability in Moinmoin
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN moinmoin
nessus
Summary
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1ECF4CA1F7AD11D896C900061BC2AD93.NASL description The moinmoin package contains two bugs with ACLs and anonymous users. Both bugs may permit anonymous users to gain access to administrative functions; for example the delete function. There is no known workaround, the vulnerability exists regardless if a site is using ACLs or not. last seen 2020-06-01 modified 2020-06-02 plugin id 38135 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38135 title FreeBSD : moinmoin -- ACL group bypass (1ecf4ca1-f7ad-11d8-96c9-00061bc2ad93) NASL family FreeBSD Local Security Checks NASL id FREEBSD_MOINMOIN_123.NASL description The following package needs to be updated: moinmoin last seen 2016-09-26 modified 2011-10-03 plugin id 14385 published 2004-08-27 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14385 title FreeBSD : moinmoin -- ACL group bypass (115) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200408-25.NASL description The remote host is affected by the vulnerability described in GLSA-200408-25 (MoinMoin: Group ACL bypass) MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact : Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as last seen 2020-06-01 modified 2020-06-02 plugin id 14581 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14581 title GLSA-200408-25 : MoinMoin: Group ACL bypass
References
- http://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801
- http://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801
- http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml
- http://www.gentoo.org/security/en/glsa/glsa-200408-25.xml
- http://www.osvdb.org/displayvuln.php?osvdb_id=8195
- http://www.osvdb.org/displayvuln.php?osvdb_id=8195
- http://www.securityfocus.com/bid/10801
- http://www.securityfocus.com/bid/10801
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16832
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16832