Description
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
CVSS Metrics
- Vector
- AV:N/AC:M/Au:S/C:P/I:P/A:P
- Access Vector
- network
- Access Cmplx
- medium
- Auth
- single
- Confidentiality
- partial
- Integrity
- partial
- Availability
- partial
- Weaknesses
- CWE-264
Metadata
- Primary Vendor
- MOINMO
- Published
- 9/10/2012
- Last Modified
- 4/11/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
moinmo : moinmoinmoinmo : moinmoinmoinmo : moinmoinmoinmo : moinmoinmoinmo : moinmoin
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.