CVE-2024-25675

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
Configurations

Configuration 1 (hide)

cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*

History

12 Feb 2024, 14:30

Type Values Removed Values Added
References () https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594 - () https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594 - Patch
References () https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184 - () https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184 - Release Notes
CPE cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*
First Time Misp
Misp misp
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

09 Feb 2024, 14:26

Type Values Removed Values Added
Summary
  • (es) Se descubrió un problema en MISP antes de la versión 2.4.184. Un cliente no necesita utilizar POST para iniciar un proceso de generación de exportaciones. Esto está relacionado con app/Controller/JobsController.php y app/View/Events/export.ctp.

09 Feb 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-09 09:15

Updated : 2024-02-12 14:30


NVD link : CVE-2024-25675

Mitre link : CVE-2024-25675

CVE.ORG link : CVE-2024-25675


JSON object : View

Products Affected

misp

  • misp