MoinMoin: Group ACL bypass

MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.

MoinMoin 2004-08-26 2006-05-22 57913 remote 1.2.3 1.2.2

MoinMoin is a Python clone of WikiWiki, based on PikiPiki.

MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor.

Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as "revert" and "delete". Sites are vulnerable whether or not they are using ACLs.

There is no known workaround.

All users should upgrade to the latest available version of MoinMoin, as follows:

    # emerge sync
    # emerge -pv ">=www-apps/moinmoin-1.2.3"
    # emerge ">=www-apps/moinmoin-1.2.3"

MoinMoin Announcement
OSVDB Advisory 8194
OSVDB Advisory 8195
CVE-2004-1462
CVE-2004-1463

dmargoli