{"id":"CVE-2008-6603","details":"MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.","aliases":["GHSA-wc8w-gh5m-62fv","PYSEC-2009-13"],"modified":"2024-11-25T22:42:21.318319Z","published":"2009-04-03T18:30:00Z","withdrawn":"2024-06-30T15:58:54.777646Z","references":[{"type":"ADVISORY","url":"http://moinmo.in/SecurityFixes"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2008/1307"},{"type":"EVIDENCE","url":"http://hg.moinmo.in/moin/1.6/rev/543ae9bdbe26"},{"type":"EVIDENCE","url":"http://hg.moinmo.in/moin/1.7/rev/88356b3f849a"},{"type":"WEB","url":"http://moinmo.in/MoinMoinBugs/AclHierarchicPageAclSupercededByAclRightsAfter"},{"type":"WEB","url":"http://osvdb.org/48875"},{"type":"WEB","url":"http://www.securityfocus.com/bid/34655"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41911"}],"affected":[{"package":{"name":"moin","ecosystem":"Debian:10","purl":"pkg:deb/debian/moin?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.7.1-1"}]}],"ecosystem_specific":{"urgency":"low"},"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2008-6603.json"}}],"schema_version":"1.7.3"}