Vulnerabilities > CVE-2018-8949 - Exposed Dangerous Method or Function vulnerability in Misp-Project Misp

047910
CVSS 5.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
misp-project
CWE-749

Summary

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.

Vulnerable Configurations

Part Description Count
Application
Misp-Project
1

Common Weakness Enumeration (CWE)