Описание
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:misp:misp:2.4.141:*:*:*:*:*:*:*
EPSS
Процентиль: 57%
0.00354
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-212
Связанные уязвимости
github
больше 3 лет назад
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
EPSS
Процентиль: 57%
0.00354
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-212