app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
References
Link | Resource |
---|---|
https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5 | Patch Third Party Advisory |
Configurations
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 |
11 Oct 2022, 17:22
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5 - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:misp-project:malware_information_sharing_platform:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
CWE | CWE-200 | |
First Time |
Misp-project malware Information Sharing Platform
Misp-project |
10 Oct 2022, 05:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-10 05:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-42724
Mitre link : CVE-2022-42724
CVE.ORG link : CVE-2022-42724
JSON object : View
Products Affected
misp-project
- malware_information_sharing_platform
CWE
CWE-863
Incorrect Authorization