CVE-2018-8949

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.4.89

Description A critical issue was discovered, potentially allowing users to delete attributes of other events. This could be achieved by crafting an edit for an event without attribute UUIDs but with attribute IDs set, which could overwrite an existing attribute.

Recommendations For versions prior to 2.4.89, update to version 2.4.89 or later to resolve the issue. As a temporary workaround, consider restricting access to the attribute editing functionality to minimize the risk of exploitation.