CVE-2024-25674

An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
Configurations

Configuration 1 (hide)

cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*

History

12 Feb 2024, 14:30

Type Values Removed Values Added
CPE cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*
CWE CWE-434
References () https://github.com/MISP/MISP/commit/312d2d5422235235ddd211dcb6bb5bb09c07791f - () https://github.com/MISP/MISP/commit/312d2d5422235235ddd211dcb6bb5bb09c07791f - Patch
References () https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184 - () https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184 - Release Notes
First Time Misp
Misp misp
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

09 Feb 2024, 14:31

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en MISP antes de la versión 2.4.184. La carga del logotipo de la organización no es segura debido a la falta de comprobaciones de la extensión del archivo y el tipo MIME.

09 Feb 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-09 09:15

Updated : 2024-02-12 14:30


NVD link : CVE-2024-25674

Mitre link : CVE-2024-25674

CVE.ORG link : CVE-2024-25674


JSON object : View

Products Affected

misp

  • misp
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type