PT-2021-19503 · Misp · Misp

Published

2021-04-23

Updated

2021-05-05

CVE-2021-31780

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MISP version 2.4.141

Description An issue in the MISP application could lead to information disclosure when editing an event. Specifically, when an object has a sharing group associated with an event edit, the sharing group object is ignored, and instead, the passed local ID is reused. This could result in unintended access to sensitive information.

Recommendations For MISP version 2.4.141, update to a version that addresses this issue to prevent information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-212

Related Identifiers

CVE-2021-31780

Affected Products

Misp

PT-2021-19503 · Misp · Misp

CVE-2021-31780

Weakness Enumeration

Related Identifiers

Affected Products

References · 4