MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Nov 26, 2024
Description
Published by the National Vulnerability Database
Apr 3, 2009
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Feb 9, 2024
Last updated
Nov 26, 2024
MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.
References