Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200408-25] MoinMoin: Group ACL bypass Vulnerability Scan
Vulnerability Scan Summary: MoinMoin: Group ACL bypass
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200408-25
(MoinMoin: Group ACL bypass)
MoinMoin contains two unspecified bugs, one allowing anonymous users
elevated access when not using ACLs, and the other in the ACL handling in
the PageEditor.
Impact
Restrictions on anonymous users were not properly enforced. This could lead
to unauthorized users gaining administrative access to functions such as
"revert" and "delete". Sites are vulnerable whether or not they are using
ACLs.
Workaround
There is no known workaround.
References:
https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801
http://www.osvdb.org/displayvuln.php?osvdb_id=8194
http://www.osvdb.org/displayvuln.php?osvdb_id=8195
Solution:
All users should upgrade to the latest available version of MoinMoin, as
follows:
# emerge sync
# emerge -pv ">=net-www/moinmoin-1.2.3"
# emerge ">=net-www/moinmoin-1.2.3"
Threat Level: Medium