Vulnerability Database

310,450

Total vulnerabilities in the database

CVE-2012-4404

security/init.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

Published: Sep 10, 2012
Updated: Nov 9, 2025
CVE: CVE-2012-4404
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
moinmo / moinmoin	1.9.3	1.9.3.x
moinmo / moinmoin	1.9.0	1.9.0.x
moinmo / moinmoin	1.9.4	1.9.4.x
moinmo / moinmoin	1.9.2	1.9.2.x
moinmo / moinmoin	1.9.1	1.9.1.x

http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/50474
http://secunia.com/advisories/50496
http://secunia.com/advisories/50885
http://www.debian.org/security/2012/dsa-2538
http://www.openwall.com/lists/oss-security/2012/09/04/4
http://www.openwall.com/lists/oss-security/2012/09/05/2
http://www.ubuntu.com/usn/USN-1604-1

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo