oss-sec mailing list archives
Re: CVE request: MoinMoin Wiki (path traversal vulnerability)
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 29 Dec 2012 20:41:28 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/29/2012 11:29 AM, Tilmann Haak wrote:
Hi all, there is a path traversal issue in MoinMoin wiki (version 1.9.3 - 1.9.5). The vulnerability resides in the AttachFile action (function _do_attachment_move in action/AttachFile.py). It fails to properly sanitize file names. Details can be found at: http://moinmo.in/SecurityFixes A fix is available at: http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52 Is it possible to get a CVE number for this one? kind regards, Tilmann
Please use CVE-2012-6080 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQ37foAAoJEBYNRVNeJnmTbKcP/2oAyAcuPak2580QRo3KdiCB bxM9LuXfCW3eYqIV3pU/wzuN9N+JVvfmEgstP+EKV+mrumjzjWcyFfcHdsfJGBDh LzYZsgTM3XiKhOXyaGbv6KNWW9bx1R9HTGPIFRtEiszY253AO/KDXZIB3pRMfWUK l4I9RB99/o94HSk+Bp9f+cjthIABt6vBZK+EECqIRJxMtguwF15QOjz3P3cyO4OZ ouM7T73G3iXoZ3svyjuT+oVBjck4DZQy6niZ2LywzZaShRfnZGofcAcCvFAnKspj lGUhb5YR7k4qSOuAqibnI/OVVMnRTly/ouMcl//OlobpW0lvY6GlMGaRJK6LyfML W6zr1RCB7nAlp14mZ+8Jl3rBrJ/OyQhH/EsqTCU8Lu3thye4FHstMtqR5kYmDNkf cdYCU+MT4UR0IuvuZSbXNWz0Rz9Ig9VTPoRui16CpezPtn0QeaqM2624WOLau1TE MHXZA6w7+92+/yb4RPIHQ+iTx1DKQ2aVjo7poJBFXzPHm8dW1WJQMQFSuAYix61S b54n4YAFaGThj5IWfnswNHz7qq2g8vpBkent0OIWMAXSdC430/GPdetBI8mmlph1 3894/KQCaE68bIkKzn5lminT4e9UAglsmLRhLg8NkuzH+3SNto/6vwud2quz4AsA mCyVaMybICzEo2pil/W9 =L88+ -----END PGP SIGNATURE-----
Current thread:
- CVE request: MoinMoin Wiki (path traversal vulnerability) Tilmann Haak (Dec 29)
- Re: CVE request: MoinMoin Wiki (path traversal vulnerability) Kurt Seifried (Dec 29)