Path Traversal in Moinmo Moinmoin

CVE-2012-6080

Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.015 (81.8th percentile) — read the EPSS interpretation.

Affected products

Moinmo Moinmoin — versions 1.9.3, 1.9.4, 1.9.5
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

57076 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
51663 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
DSA-2593 (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_MISC)
51676 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
51696 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
USN-1680-1 (x_refsource_UBUNTU, vendor-advisory)
[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability) (mailing-list, x_refsource_MLIST)