PT-2024-23086 · Misp · Misp

Raphael Lob +1 · Published 2024-03-21 · Updated 2025-06-17 · CVE-2024-29858

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MISP versions prior to 2.4.187

Description

The issue concerns a weak security check in the uploadLogo function within the OrganisationsController.php file. This function does not properly validate logo uploads.

Recommendations

For versions prior to 2.4.187, update to version 2.4.187 or later to resolve the issue. As a temporary workaround, consider disabling the uploadLogo function in OrganisationsController.php until a patch is available. Restrict access to the logo upload feature to minimize the risk of exploitation.

Related Identifiers

CVE-2024-29858

Affected Products

Misp