{"id":"PYSEC-2009-13","details":"MoinMoin 1.6.2 and 1.7 do not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.","aliases":["CVE-2008-6603","GHSA-wc8w-gh5m-62fv"],"modified":"2024-11-25T22:42:20.373946Z","published":"2009-04-03T18:30:00Z","references":[{"type":"WEB","url":"http://osvdb.org/48875"},{"type":"EVIDENCE","url":"http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26"},{"type":"WEB","url":"http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2008/1307"},{"type":"EVIDENCE","url":"http://hg.moinmo.in/moin/1.7/rev/88356b3f849a"},{"type":"ADVISORY","url":"http://moinmo.in/SecurityFixes"},{"type":"WEB","url":"http://www.securityfocus.com/bid/34655"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41911"}],"affected":[{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.3"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-13.yaml"}},{"package":{"name":"moin","ecosystem":"PyPI","purl":"pkg:pypi/moin"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"1.7"},{"fixed":"1.7.1"}]}],"versions":["1.7"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/moin/PYSEC-2009-13.yaml"}}],"schema_version":"1.7.3"}