CVE-2004-1463 - Privilege Escalation vulnerability in MoinMoin PageEditor

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_1ECF4CA1F7AD11D896C900061BC2AD93.NASL
    description: The moinmoin package contains two bugs with ACLs and anonymous users. Both bugs may permit anonymous users to gain access to administrative functions; for example the delete function. There is no known workaround, the vulnerability exists regardless if a site is using ACLs or not.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 38135
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/38135
    title: FreeBSD : moinmoin -- ACL group bypass (1ecf4ca1-f7ad-11d8-96c9-00061bc2ad93)
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_MOINMOIN_123.NASL
    description: The following package needs to be updated: moinmoin
    last seen: 2016-09-26
    modified: 2011-10-03
    plugin id: 14385
    published: 2004-08-27
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=14385
    title: FreeBSD : moinmoin -- ACL group bypass (115)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200408-25.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200408-25 (MoinMoin: Group ACL bypass) MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact : Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 14581
    published: 2004-08-30
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/14581
    title: GLSA-200408-25 : MoinMoin: Group ACL bypass