{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34777?format=json","vulnerability_id":"VCID-qgm9-pnrw-p3ak","summary":"security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as \"All,\" \"Known,\" or \"Trusted,\" which allows remote authenticated users with virtual group membership to be treated as a member of the group.","aliases":[{"alias":"CVE-2012-4404"},{"alias":"GHSA-g4mx-rm5q-vh24"},{"alias":"PYSEC-2012-10"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7397?format=json","purl":"pkg:pypi/moin@1.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6973?format=json","purl":"pkg:pypi/moin@1.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3fgh-8nmt-2fgp"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-551s-jjxy-qfer"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-faws-7xxv-eudq"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/6974?format=json","purl":"pkg:pypi/moin@1.9.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3fgh-8nmt-2fgp"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-551s-jjxy-qfer"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.1"},{"url":"http://public2.vulnerablecode.io/api/packages/6979?format=json","purl":"pkg:pypi/moin@1.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5dkr-jfqu-4kfq"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-8xsp-chsd-cfhp"},{"vulnerability":"VCID-9ck2-p7hx-4qex"},{"vulnerability":"VCID-aduk-vjjh-c3gc"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"},{"vulnerability":"VCID-xz41-zzdr-6ycb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.2"},{"url":"http://public2.vulnerablecode.io/api/packages/6981?format=json","purl":"pkg:pypi/moin@1.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.3"},{"url":"http://public2.vulnerablecode.io/api/packages/7396?format=json","purl":"pkg:pypi/moin@1.9.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fak-dar5-tuet"},{"vulnerability":"VCID-1kv8-4wn6-yydy"},{"vulnerability":"VCID-2yaq-3m4p-q3bu"},{"vulnerability":"VCID-3z75-azrr-2qac"},{"vulnerability":"VCID-4fn8-ab2r-23dk"},{"vulnerability":"VCID-4q2t-yhg6-k3dg"},{"vulnerability":"VCID-5hn2-1bvq-jfdh"},{"vulnerability":"VCID-h1wf-35g5-5ucz"},{"vulnerability":"VCID-kjqq-u9hy-5yda"},{"vulnerability":"VCID-qgm9-pnrw-p3ak"},{"vulnerability":"VCID-tkp3-e758-suhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.4"}],"references":[{"reference_url":"http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16"},{"reference_url":"http://moinmo.in/SecurityFixes","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://moinmo.in/SecurityFixes"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4404","reference_id":"","reference_type":"","scores":[{"value":"0.0099","scoring_system":"epss","scoring_elements":"0.77224","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4404"},{"reference_url":"http://secunia.com/advisories/50474","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50474"},{"reference_url":"http://secunia.com/advisories/50496","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50496"},{"reference_url":"http://secunia.com/advisories/50885","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50885"},{"reference_url":"https://github.com/moinwiki/moin","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moinwiki/moin"},{"reference_url":"https://github.com/moinwiki/moin/commit/b7791166cb3613d07c6e8eea966b4f763b2de660","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moinwiki/moin/commit/b7791166cb3613d07c6e8eea966b4f763b2de660"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2012-10.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2012-10.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4404","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4404"},{"reference_url":"https://web.archive.org/web/20151016233452/http://secunia.com/advisories/50885","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151016233452/http://secunia.com/advisories/50885"},{"reference_url":"https://web.archive.org/web/20151017041746/http://secunia.com/advisories/50474","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017041746/http://secunia.com/advisories/50474"},{"reference_url":"https://web.archive.org/web/20151017041755/http://secunia.com/advisories/50496","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20151017041755/http://secunia.com/advisories/50496"},{"reference_url":"http://www.debian.org/security/2012/dsa-2538","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2538"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/04/4","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/04/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/09/05/2","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/09/05/2"},{"reference_url":"http://www.ubuntu.com/usn/USN-1604-1","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1604-1"}],"weaknesses":[{"cwe_id":284,"name":"Improper Access Control","description":"The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qgm9-pnrw-p3ak"}