exploitDog

GHSA-prrm-fv2r-3vwp

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.9

Описание

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

Ссылки

EPSS

Процентиль: 52%

0.00296

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-532

Связанные уязвимости

CVE-2017-16946

CVSS3: 4.9

nvd

около 8 лет назад

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

EPSS

Процентиль: 52%

0.00296

Низкий

4.9 Medium

CVSS3

CVE ID

Дефекты

CWE-532