app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
References
Link | Resource |
---|---|
https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5 | Patch Third Party Advisory |
Configurations
Information
Published : 2022-10-09 22:15
Updated : 2022-10-11 10:22
NVD link : CVE-2022-42724
Mitre link : CVE-2022-42724
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
misp-project
- malware_information_sharing_platform