CVE-2012-4404
moin - privilege escalation
CVSS 3.1: 5.4 MEDIUM
EPSS: 0.99%
Description
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.
How to fix CVE-2012-4404
To remediate CVE-2012-4404, upgrade the affected package to one of the fixed versions below.
- Upgrade to 1.9.3-1+squeeze2 or later
- Upgrade to 1.9.5 or later
- Upgrade to 1.9.5 or later
Is CVE-2012-4404 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.9.3-1+squeeze2
- >= 1.9, < 1.9.5
- >= 1.9, < 1.9.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |