CVE-2012-4404

{"id": "CVE-2012-4404", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-09-10T22:55:05.197", "references": [{"url": "http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16", "source": "secalert@redhat.com"}, {"url": "http://moinmo.in/SecurityFixes", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/50474", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/50496", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/50885", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2012/dsa-2538", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/09/04/4", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2012/09/05/2", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/USN-1604-1", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" which allows remote authenticated users with virtual group membership to be treated as a member of the group."}, {"lang": "es", "value": "security/__init__.py en MoinMoin v1.9 hasta v1.9.4 no trata correctamente los nombres de los grupos que contienen nombres de grupos virtuales tales como \"All\", \"Known\", o \"Trusted\", lo que permite ser tratados como miembros del grupo no-virtual a usuarios remotos autenticados que pertenezcan a un grupo virtual.\r\n"}], "lastModified": "2013-04-19T03:24:59.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B6FF2CB-A7F2-4E74-8B95-0C7BA3DE47AD"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B7C3A9E-1655-436F-94FF-390D44926A28"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8434905-3540-4ADE-8223-251FFABD31D9"}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD68516B-3E72-41F4-8BD1-60A98FC1C9E3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}