PT-2022-18323 · Misp · Misp

Ianis Bernard · Published 2022-03-18 · Updated 2022-03-25 · CVE-2022-27243

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MISP versions prior to 2.4.156

Description

An issue was discovered that allows Local File Inclusion via the custom terms file setting in the app/View/Users/terms.ctp file.

Recommendations

For versions prior to 2.4.156, update to version 2.4.156 or later to resolve the issue. As a temporary workaround, consider restricting access to the terms.ctp file until a patch is available.

Fix

Related Identifiers

CVE-2022-27243

Affected Products

Misp