Vulnerabilities > CVE-2019-9482 - Missing Authorization vulnerability in Misp 2.4.102

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

misp

CWE-862

NVD

Published: 2019-03-01

Updated: 2021-07-21

Summary

In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).

Vulnerable Configurations

Part	Description	Count
Application	Misp Misp Misp 2.4.102	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/MISP/MISP/commit/c69969329d197bcdd04832b03310fa73f4eb7155