PT-2021-17658 · Misp · Misp

Jeroen Pinoy · Published 2021-03-02 · Updated 2021-03-08 · CVE-2021-27904

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MISP version 2.4.139
Description: An issue was discovered in the implementation of Sharing Groups, where the all org flag sometimes provided view access to unintended actors. This occurred due to a problem in the app/Model/SharingGroupServer.php file.
Recommendations: For MISP version 2.4.139, consider restricting access to the Sharing Groups feature until a patch is available. As a temporary workaround, review and adjust the all org flag settings to ensure they are correctly configured and not providing unintended access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2021-27904

Affected Products

Misp