Misp · Misp · CVE-2023-37306
**Name of the Vulnerable Software and Affected Versions**
MISP version 2.4.172
**Description**
The issue arises from MISP's mishandling of different certificate file extensions during server sync, leading to sensitive information disclosure through error messages.
**Recommendations**
For MISP version 2.4.172, update to a version that addresses this issue, as the current version mishandles certificate file extensions, potentially leading to sensitive information disclosure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.