CVE-2007-2637 — MoinMoin Improper ACL handling for calendars and includes

Description

MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.

How to fix CVE-2007-2637

To remediate CVE-2007-2637, upgrade the affected package to a fixed version below.

Debian/moin—upgrade to 1.5.7-2 or later
PyPI/moin—upgrade to 1.5.8 or later

Is CVE-2007-2637 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.5.7-2
from 0, < 1.5.8

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2007-2637
WEBosvdb.org/36269
WEBsecunia.com/advisories/25208
WEBsecunia.com/advisories/29262
WEBexchange.xforce.ibmcloud.com/vulnerabilities/34474