CVE-2019-9482

Name of the Vulnerable Software and Affected Versions MISP version 2.4.102

Description The issue allows an authenticated user to view sightings they should not be eligible for, provided they have access to the event that received the sighting. This affects instances with restrictive sighting settings, specifically those set to event only or sighting reported only.

Recommendations For MISP version 2.4.102, restrict access to events that have received sightings to only eligible users as a temporary workaround until a patch is available.