PT-2023-25897 · Misp · Misp
Hash_Kitten · Published 2023-06-30 · Updated 2023-07-07 · CVE-2023-37306
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MISP version 2.4.172
Description
The issue arises from MISP's mishandling of different certificate file extensions during server sync, leading to sensitive information disclosure through error messages.
Recommendations
Update MISP version 2.4.172 to a version that addresses this issue. The current version mishandles certificate file extensions, potentially leading to sensitive information disclosure.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Generation of Error Message Containing Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Misp