Vulnerabilities > CVE-2018-8949 - Exposed Dangerous Method or Function vulnerability in Misp-Project Misp

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

misp-project

CWE-749

NVD

Published: 2018-03-23

Updated: 2018-04-19

Summary

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.

Vulnerable Configurations

Part	Description	Count
Application	Misp-Project Misp Project Misp *	1

Common Weakness Enumeration (CWE)

CWE-749 - Exposed Dangerous Method or Function

References

https://github.com/MISP/MISP/commit/37720c38d6c617439df0a13e9396fcb26345dadd