CVE-2023-24070

Name of the Vulnerable Software and Affected Versions MISP versions 2.4.167 and earlier

Description The issue is related to an XSS in authkey add via a Referer field in the app/View/AuthKeys/authkey display.ctp file.

Recommendations For MISP versions 2.4.167 and earlier, as a temporary workaround, consider restricting access to the authkey add functionality until a patch is available. Avoid using the Referer field in the affected authkey add functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.