MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.
|Package||www-apps/moinmoin on all architectures|
|Affected versions||<= 1.2.2|
|Unaffected versions||>= 1.2.3|
MoinMoin is a Python clone of WikiWiki, based on PikiPiki.
MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor.
Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as "revert" and "delete". Sites are vulnerable whether or not they are using ACLs.
There is no known workaround.
All users should upgrade to the latest available version of MoinMoin, as follows:
# emerge sync # emerge -pv ">=www-apps/moinmoin-1.2.3" # emerge ">=www-apps/moinmoin-1.2.3"
August 26, 2004
May 22, 2006: 02