CVE-2008-6603 - Vulnerability Details - OpenCVE

MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moinmo	Moinmoin

Configuration 1 [-]

OR	cpe:2.3:a:moinmo:moinmoin:1.6.2:::::::*
	cpe:2.3:a:moinmo:moinmoin:1.7.0:::::::*

No data.

References

Link	Providers
http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26
http://hg.moinmo.in/moin/1.7/rev/88356b3f849a
http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter
http://moinmo.in/SecurityFixes
http://osvdb.org/48875
http://www.securityfocus.com/bid/34655
http://www.vupen.com/english/advisories/2008/1307
https://exchange.xforce.ibmcloud.com/vulnerabilities/41911
https://nvd.nist.gov/vuln/detail/CVE-2008-6603
https://www.cve.org/CVERecord?id=CVE-2008-6603

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-04-03T18:00:00

Updated: 2024-08-07T11:34:47.076Z

Reserved: 2009-04-03T00:00:00

Link: CVE-2008-6603

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-04-03T18:30:00.593

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-6603

Redhat

Severity : Low

Publid Date: 2008-04-12T00:00:00Z

Links: CVE-2008-6603 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/SecurityFixes"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26"}, {"name": "moinmoin-acl-security-bypass(41911)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter"}, {"name": "34655", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34655"}, {"name": "48875", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/48875"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a"}, {"name": "ADV-2008-1307", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1307"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-6603", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes"}, {"name": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26"}, {"name": "moinmoin-acl-security-bypass(41911)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911"}, {"name": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter"}, {"name": "34655", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34655"}, {"name": "48875", "refsource": "OSVDB", "url": "http://osvdb.org/48875"}, {"name": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a"}, {"name": "ADV-2008-1307", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1307"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:34:47.076Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/SecurityFixes"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26"}, {"name": "moinmoin-acl-security-bypass(41911)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter"}, {"name": "34655", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34655"}, {"name": "48875", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/48875"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a"}, {"name": "ADV-2008-1307", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1307"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-6603", "datePublished": "2009-04-03T18:00:00", "dateReserved": "2009-04-03T00:00:00", "dateUpdated": "2024-08-07T11:34:47.076Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "76F8DDF8-D923-40FE-9D47-F676A04BD908", "vulnerable": true}, {"criteria": "cpe:2.3:a:moinmo:moinmoin:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2863EC4-FAD5-4456-983F-F3676E887CF7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937."}, {"lang": "es", "value": "MoinMoin v1.6.2 y v1.7 no maneja adecuadamente los puntos de cumplimiento de la ACL cuando acl_hierarchic esta fijado como Verdadero, lo que permitir\u00eda a atacantes remotos evitar las restricciones de acceso previstas, una vulnerabilidad diferente que CVE-2008-1937."}], "id": "CVE-2008-6603", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-04-03T18:30:00.593", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a"}, {"source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/48875"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34655"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1307"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://hg.moinmo.in/moin/1.7/rev/88356b3f849a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/48875"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2008/1307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41911"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}