PT-2023-25897 · Misp · Misp
Hash_Kitten · Published 2023-06-30 · Updated 2023-07-07 · CVE-2023-37306
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MISP version 2.4.172
Description
The issue arises from MISP's mishandling of different certificate file extensions during server sync, leading to sensitive information disclosure through error messages.
Recommendations
Update MISP version 2.4.172 to a version that addresses this issue: the affected version mishandles certificate file extensions, potentially leading to sensitive information disclosure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Misp