DSA-2014 moin -- several vulnerabilities
ID: oval:org.mitre.oval:def:7566 | Date: (C)2010-05-24 (M)2021-09-12 | Class: PATCH | Family: unix
Several vulnerabilities have been discovered in moin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems:

Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.

MoinMoin does not properly sanitize user profiles.

The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions.

In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages.