PT-2023-19369 · Misp · Misp

Published: 2023-01-20 · Updated: 2023-01-27 · CVE-2023-24028

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MISP version 2.4.167

Description

The issue is incorrect access control for the decaying import function in the ACLComponent.php file. The affected component is app/Controller/Component/ACLComponent.php.

Recommendations

For MISP version 2.4.167, consider restricting access to the decaying import function until a patch is available. As a temporary workaround, review and adjust the access control settings in the ACLComponent.php file so that the decaying import function is properly access-controlled. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2023-24028

Affected Products

Misp