CVE-2010-0667

MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.

Published Bycve@mitre.org

Published DateFeb 26, 2010, 19:30

Affected Versions(1)

moin(PyPI)

Introduced1.9

Fixed1.9.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
moin(PyPI)	1.9	1.9.1	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

http://hg.moinmo.in/moin/1.9/raw-file/1.9.1/docs/CHANGES
http://hg.moinmo.in/moin/1.9/rev/04afdde50094
http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
http://marc.info/?l=oss-security&m=126625972814888&w=2
http://marc.info/?l=oss-security&m=126676896601156&w=2
http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
http://moinmo.in/SecurityFixes
http://secunia.com/advisories/38242
http://www.openwall.com/lists/oss-security/2010/01/21/6
http://www.openwall.com/lists/oss-security/2010/02/15/2

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE