CVE-2007-0902: MoinMoin Insertion of Sensitive Information into Log File

May 1, 2022 (updated May 14, 2024)

An information leak was discovered in MoinMoin’s debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add “show_traceback=0” to their site configurations to disable debug tracebacks.

References

github.com/advisories/GHSA-mxh8-xgq9-w782
moinmo.in/MoinMoinRelease1.5/CHANGES
nvd.nist.gov/vuln/detail/CVE-2007-0902

Detect and mitigate CVE-2007-0902 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →