CVE-2010-0667 - Vulnerability Details - OpenCVE

MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moinmo	Moinmoin

Configuration 1 [-]

cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES
http://hg.moinmo.in/moin/1.9/rev/04afdde50094
http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
http://marc.info/?l=oss-security&m=126625972814888&w=2
http://marc.info/?l=oss-security&m=126676896601156&w=2
http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/38242
http://www.openwall.com/lists/oss-security/2010/01/21/6
http://www.openwall.com/lists/oss-security/2010/02/15/2
https://nvd.nist.gov/vuln/detail/CVE-2010-0667
https://www.cve.org/CVERecord?id=CVE-2010-0667

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-02-26T19:00:00Z

Updated: 2024-09-17T03:07:34.891Z

Reserved: 2010-02-21T00:00:00Z

Link: CVE-2010-0667

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-02-26T19:30:00.463

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-0667

Redhat

Severity : Moderate

Publid Date: 2010-01-19T00:00:00Z

Links: CVE-2010-0667 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-02-26T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/SecurityFixes"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18"}, {"name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=126676896601156&w=2"}, {"name": "[oss-security] 20100121 CVE request: MoinMoin information disclosure", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES"}, {"name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=126625972814888&w=2"}, {"name": "38242", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38242"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0667", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2"}, {"name": "http://moinmo.in/SecurityFixes", "refsource": "CONFIRM", "url": "http://moinmo.in/SecurityFixes"}, {"name": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094"}, {"name": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18", "refsource": "CONFIRM", "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18"}, {"name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=126676896601156&w=2"}, {"name": "[oss-security] 20100121 CVE request: MoinMoin information disclosure", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6"}, {"name": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2"}, {"name": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES", "refsource": "CONFIRM", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES"}, {"name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=126625972814888&w=2"}, {"name": "38242", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38242"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:59:38.313Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20100215 CVE Request -- MoinMoin -- 1.8.7", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/SecurityFixes"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18"}, {"name": "[oss-security] 20100221 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=126676896601156&w=2"}, {"name": "[oss-security] 20100121 CVE request: MoinMoin information disclosure", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES"}, {"name": "[oss-security] 20100215 Re: CVE Request -- MoinMoin -- 1.8.7", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=126625972814888&w=2"}, {"name": "38242", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38242"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0667", "datePublished": "2010-02-26T19:00:00Z", "dateReserved": "2010-02-21T00:00:00Z", "dateUpdated": "2024-09-17T03:07:34.891Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moinmo:moinmoin:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "BAA73028-4193-49E9-B017-F1F27075FDDE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors."}, {"lang": "es", "value": "MoinMoin v1.9 anteriores v1.9.1 no realiza de la forma esperada la limpieza del array sys.argv en situaciones donde la variable de entorno GATEWAY_INTERFACE recibe valor, lo que permite a atacantes remotos conseguir informaci\u00f3n sensible a trav\u00e9s de vectores no especificados."}], "id": "CVE-2010-0667", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-02-26T19:30:00.463", "references": [{"source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES"}, {"source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094"}, {"source": "cve@mitre.org", "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=126625972814888&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security&m=126676896601156&w=2"}, {"source": "cve@mitre.org", "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38242"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/04afdde50094"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=126625972814888&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security&m=126676896601156&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://moinmo.in/SecurityFixes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/38242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/01/21/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/15/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}