PT-2019-19675 · Misp · Misp
Published: 2019-03-01 · Updated: 2021-07-21 · CVE-2019-9482
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MISP version 2.4.102
Description
The issue allows an authenticated user to view sightings they should not be eligible for, provided they have access to the event that received the sighting. This affects instances with restrictive sighting settings, specifically those set to event only or sighting reported only.
Recommendations
For MISP version 2.4.102, restrict access to events that have received sightings to only eligible users as a temporary workaround until a patch is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Misp