PT-2024-32282 · Misp · Misp
Sharad Kumar Dahal · Published 2024-09-15 · Updated 2024-09-20
CVE-2024-46918
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
MISP versions prior to 2.4.198
Description
A flaw in app/Controller/UserLoginProfilesController.php allows an org admin to view sensitive login fields of another org admin within the same organization.
Recommendations
Upgrade MISP to version 2.4.198 or later to mitigate the issue. As a temporary workaround, consider restricting access to the UserLoginProfilesController.php file until the upgrade is applied.
Fix
Incorrect Authorization
Affected Products
Misp