Описание
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:misp:misp:2.4.102:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00274
Низкий
5.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
EPSS
Процентиль: 50%
0.00274
Низкий
5.3 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-862