CVE-2008-1099

Description

`_macro_Getval` in `wikimacro.py` in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. The issue has been fixed on [4a7de0173734](http://hg.moinmo.in/moin/1.5/rev/4a7de0173734).

How to fix CVE-2008-1099

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• PyPI/moin—no fix listed

Is CVE-2008-1099 being exploited?

Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 1.5.8

References (14)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2008-1099
• WEBhg.moinmo.in/moin/1.5/rev/4a7de0173734
• WEBmoinmo.in/SecurityFixes
• WEBsecunia.com/advisories/29262
• WEBsecunia.com/advisories/29444