Vulnerabilities > CVE-2022-42724 - Incorrect Authorization vulnerability in Misp-Project Malware Information Sharing Platform

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

misp-project

CWE-863

NVD

Published: 2022-10-10

Updated: 2023-08-08

Summary

app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).

Vulnerable Configurations

Part	Description	Count
Application	Misp-Project Misp Project Malware Information Sharing Platform 0.1 Misp Project Malware Information Sharing Platform 0.2 Misp Project Malware Information Sharing Platform 2.1 Misp Project Malware Information Sharing Platform 2.1.18 Misp Project Malware Information Sharing Platform 2.2.1 Misp Project Malware Information Sharing Platform 2.2.2 Misp Project Malware Information Sharing Platform 2.3.0 Misp Project Malware Information Sharing Platform 2.3.14 Misp Project Malware Information Sharing Platform 2.3.15 Misp Project Malware Information Sharing Platform 2.3.16 Misp Project Malware Information Sharing Platform 2.3.17 Misp Project Malware Information Sharing Platform 2.3.18 Misp Project Malware Information Sharing Platform 2.3.19 Misp Project Malware Information Sharing Platform 2.3.20 Misp Project Malware Information Sharing Platform 2.3.21 Misp Project Malware Information Sharing Platform 2.3.22 Misp Project Malware Information Sharing Platform 2.3.23 Misp Project Malware Information Sharing Platform 2.3.24 Misp Project Malware Information Sharing Platform 2.3.25 Misp Project Malware Information Sharing Platform 2.3.26 Misp Project Malware Information Sharing Platform 2.3.27 Misp Project Malware Information Sharing Platform 2.3.28 Misp Project Malware Information Sharing Platform 2.3.29 Misp Project Malware Information Sharing Platform 2.3.30 Misp Project Malware Information Sharing Platform 2.3.31 Misp Project Malware Information Sharing Platform 2.3.32 Misp Project Malware Information Sharing Platform 2.3.33 Misp Project Malware Information Sharing Platform 2.3.34 Misp Project Malware Information Sharing Platform 2.3.35 Misp Project Malware Information Sharing Platform 2.3.36 Misp Project Malware Information Sharing Platform 2.3.37 Misp Project Malware Information Sharing Platform 2.3.38 Misp Project Malware Information Sharing Platform 2.3.39 Misp Project Malware Information Sharing Platform 2.3.40 Misp Project Malware Information Sharing Platform 2.3.41 Misp Project Malware Information Sharing Platform 2.3.42 Misp Project Malware Information Sharing Platform 2.3.43 Misp Project Malware Information Sharing Platform 2.3.44 Misp Project Malware Information Sharing Platform 2.3.45 Misp Project Malware Information Sharing Platform 2.3.46 Misp Project Malware Information Sharing Platform 2.3.47 Misp Project Malware Information Sharing Platform 2.3.48 Misp Project Malware Information Sharing Platform 2.3.49 Misp Project Malware Information Sharing Platform 2.3.50 Misp Project Malware Information Sharing Platform 2.3.51 Misp Project Malware Information Sharing Platform 2.3.52 Misp Project Malware Information Sharing Platform 2.3.53 Misp Project Malware Information Sharing Platform 2.3.54 Misp Project Malware Information Sharing Platform 2.3.55 Misp Project Malware Information Sharing Platform 2.3.56 Misp Project Malware Information Sharing Platform 2.3.57 Misp Project Malware Information Sharing Platform 2.3.58 Misp Project Malware Information Sharing Platform 2.3.59 Misp Project Malware Information Sharing Platform 2.3.60 Misp Project Malware Information Sharing Platform 2.3.61 Misp Project Malware Information Sharing Platform 2.3.62 Misp Project Malware Information Sharing Platform 2.3.63 Misp Project Malware Information Sharing Platform 2.3.64 Misp Project Malware Information Sharing Platform 2.3.65 Misp Project Malware Information Sharing Platform 2.3.66 Misp Project Malware Information Sharing Platform 2.3.67 Misp Project Malware Information Sharing Platform 2.3.68 Misp Project Malware Information Sharing Platform 2.3.69 Misp Project Malware Information Sharing Platform 2.3.70 Misp Project Malware Information Sharing Platform 2.3.71 Misp Project Malware Information Sharing Platform 2.3.72 Misp Project Malware Information Sharing Platform 2.3.73 Misp Project Malware Information Sharing Platform 2.3.74 Misp Project Malware Information Sharing Platform 2.3.75 Misp Project Malware Information Sharing Platform 2.3.76 Misp Project Malware Information Sharing Platform 2.3.77 Misp Project Malware Information Sharing Platform 2.3.78 Misp Project Malware Information Sharing Platform 2.3.79 Misp Project Malware Information Sharing Platform 2.3.80 Misp Project Malware Information Sharing Platform 2.3.81 Misp Project Malware Information Sharing Platform 2.3.82 Misp Project Malware Information Sharing Platform 2.3.83 Misp Project Malware Information Sharing Platform 2.3.84 Misp Project Malware Information Sharing Platform 2.3.85 Misp Project Malware Information Sharing Platform 2.3.87 Misp Project Malware Information Sharing Platform 2.3.88 Misp Project Malware Information Sharing Platform 2.3.89 Misp Project Malware Information Sharing Platform 2.3.90 Misp Project Malware Information Sharing Platform 2.3.91 Misp Project Malware Information Sharing Platform 2.3.92 Misp Project Malware Information Sharing Platform 2.3.93 Misp Project Malware Information Sharing Platform 2.3.94 Misp Project Malware Information Sharing Platform 2.3.95 Misp Project Malware Information Sharing Platform 2.3.96 Misp Project Malware Information Sharing Platform 2.3.97 Misp Project Malware Information Sharing Platform 2.3.98 Misp Project Malware Information Sharing Platform 2.3.99 Misp Project Malware Information Sharing Platform 2.3.100 Misp Project Malware Information Sharing Platform 2.3.101 Misp Project Malware Information Sharing Platform 2.3.102 Misp Project Malware Information Sharing Platform 2.3.103 Misp Project Malware Information Sharing Platform 2.3.104 Misp Project Malware Information Sharing Platform 2.3.105 Misp Project Malware Information Sharing Platform 2.3.106 Misp Project Malware Information Sharing Platform 2.3.107 Misp Project Malware Information Sharing Platform 2.3.108 Misp Project Malware Information Sharing Platform 2.3.109 Misp Project Malware Information Sharing Platform 2.3.110 Misp Project Malware Information Sharing Platform 2.3.111 Misp Project Malware Information Sharing Platform 2.3.112 Misp Project Malware Information Sharing Platform 2.3.113 Misp Project Malware Information Sharing Platform 2.3.114 Misp Project Malware Information Sharing Platform 2.3.115 Misp Project Malware Information Sharing Platform 2.3.116 Misp Project Malware Information Sharing Platform 2.3.117 Misp Project Malware Information Sharing Platform 2.3.118 Misp Project Malware Information Sharing Platform 2.3.120 Misp Project Malware Information Sharing Platform 2.3.121 Misp Project Malware Information Sharing Platform 2.3.122 Misp Project Malware Information Sharing Platform 2.3.123 Misp Project Malware Information Sharing Platform 2.3.124 Misp Project Malware Information Sharing Platform 2.3.125 Misp Project Malware Information Sharing Platform 2.3.126 Misp Project Malware Information Sharing Platform 2.3.127 Misp Project Malware Information Sharing Platform 2.3.128 Misp Project Malware Information Sharing Platform 2.3.129 Misp Project Malware Information Sharing Platform 2.3.130 Misp Project Malware Information Sharing Platform 2.3.131 Misp Project Malware Information Sharing Platform 2.3.132 Misp Project Malware Information Sharing Platform 2.3.133 Misp Project Malware Information Sharing Platform 2.3.134 Misp Project Malware Information Sharing Platform 2.3.135 Misp Project Malware Information Sharing Platform 2.3.136 Misp Project Malware Information Sharing Platform 2.3.137 Misp Project Malware Information Sharing Platform 2.3.138 Misp Project Malware Information Sharing Platform 2.3.139 Misp Project Malware Information Sharing Platform 2.3.140 Misp Project Malware Information Sharing Platform 2.3.141 Misp Project Malware Information Sharing Platform 2.3.142 Misp Project Malware Information Sharing Platform 2.3.143 Misp Project Malware Information Sharing Platform 2.3.144 Misp Project Malware Information Sharing Platform 2.3.145 Misp Project Malware Information Sharing Platform 2.3.146 Misp Project Malware Information Sharing Platform 2.3.147 Misp Project Malware Information Sharing Platform 2.3.148 Misp Project Malware Information Sharing Platform 2.3.149 Misp Project Malware Information Sharing Platform 2.3.150 Misp Project Malware Information Sharing Platform 2.3.151 Misp Project Malware Information Sharing Platform 2.3.152 Misp Project Malware Information Sharing Platform 2.3.153 Misp Project Malware Information Sharing Platform 2.3.154 Misp Project Malware Information Sharing Platform 2.3.155 Misp Project Malware Information Sharing Platform 2.3.156 Misp Project Malware Information Sharing Platform 2.3.157 Misp Project Malware Information Sharing Platform 2.3.158 Misp Project Malware Information Sharing Platform 2.3.159 Misp Project Malware Information Sharing Platform 2.3.160 Misp Project Malware Information Sharing Platform 2.3.161 Misp Project Malware Information Sharing Platform 2.3.162 Misp Project Malware Information Sharing Platform 2.3.163 Misp Project Malware Information Sharing Platform 2.3.164 Misp Project Malware Information Sharing Platform 2.3.165 Misp Project Malware Information Sharing Platform 2.3.166 Misp Project Malware Information Sharing Platform 2.3.167 Misp Project Malware Information Sharing Platform 2.3.168 Misp Project Malware Information Sharing Platform 2.3.169 Misp Project Malware Information Sharing Platform 2.3.170 Misp Project Malware Information Sharing Platform 2.3.171 Misp Project Malware Information Sharing Platform 2.3.172 Misp Project Malware Information Sharing Platform 2.3.173 Misp Project Malware Information Sharing Platform 2.3.174 Misp Project Malware Information Sharing Platform 2.3.175 Misp Project Malware Information Sharing Platform 2.3.176 Misp Project Malware Information Sharing Platform 2.3.177 Misp Project Malware Information Sharing Platform 2.3.178 Misp Project Malware Information Sharing Platform 2.4.0 Misp Project Malware Information Sharing Platform 2.4.1 Misp Project Malware Information Sharing Platform 2.4.2 Misp Project Malware Information Sharing Platform 2.4.3 Misp Project Malware Information Sharing Platform 2.4.4 Misp Project Malware Information Sharing Platform 2.4.5 Misp Project Malware Information Sharing Platform 2.4.6 Misp Project Malware Information Sharing Platform 2.4.7 Misp Project Malware Information Sharing Platform 2.4.9 Misp Project Malware Information Sharing Platform 2.4.10 Misp Project Malware Information Sharing Platform 2.4.11 Misp Project Malware Information Sharing Platform 2.4.12 Misp Project Malware Information Sharing Platform 2.4.13 Misp Project Malware Information Sharing Platform 2.4.14 Misp Project Malware Information Sharing Platform 2.4.15 Misp Project Malware Information Sharing Platform 2.4.16 Misp Project Malware Information Sharing Platform 2.4.17 Misp Project Malware Information Sharing Platform 2.4.18 Misp Project Malware Information Sharing Platform 2.4.20 Misp Project Malware Information Sharing Platform 2.4.21 Misp Project Malware Information Sharing Platform 2.4.22 Misp Project Malware Information Sharing Platform 2.4.23 Misp Project Malware Information Sharing Platform 2.4.24 Misp Project Malware Information Sharing Platform 2.4.25 Misp Project Malware Information Sharing Platform 2.4.26 Misp Project Malware Information Sharing Platform 2.4.27 Misp Project Malware Information Sharing Platform 2.4.28 Misp Project Malware Information Sharing Platform 2.4.29 Misp Project Malware Information Sharing Platform 2.4.30 Misp Project Malware Information Sharing Platform 2.4.31 Misp Project Malware Information Sharing Platform 2.4.32 Misp Project Malware Information Sharing Platform 2.4.33 Misp Project Malware Information Sharing Platform 2.4.34 Misp Project Malware Information Sharing Platform 2.4.35 Misp Project Malware Information Sharing Platform 2.4.36 Misp Project Malware Information Sharing Platform 2.4.37 Misp Project Malware Information Sharing Platform 2.4.38 Misp Project Malware Information Sharing Platform 2.4.39 Misp Project Malware Information Sharing Platform 2.4.40 Misp Project Malware Information Sharing Platform 2.4.41 Misp Project Malware Information Sharing Platform 2.4.42 Misp Project Malware Information Sharing Platform 2.4.43 Misp Project Malware Information Sharing Platform 2.4.44 Misp Project Malware Information Sharing Platform 2.4.45 Misp Project Malware Information Sharing Platform 2.4.46 Misp Project Malware Information Sharing Platform 2.4.47 Misp Project Malware Information Sharing Platform 2.4.48 Misp Project Malware Information Sharing Platform 2.4.49 Misp Project Malware Information Sharing Platform 2.4.50 Misp Project Malware Information Sharing Platform 2.4.51 Misp Project Malware Information Sharing Platform 2.4.52 Misp Project Malware Information Sharing Platform 2.4.53 Misp Project Malware Information Sharing Platform 2.4.54 Misp Project Malware Information Sharing Platform 2.4.55 Misp Project Malware Information Sharing Platform 2.4.56 Misp Project Malware Information Sharing Platform 2.4.57 Misp Project Malware Information Sharing Platform 2.4.58 Misp Project Malware Information Sharing Platform 2.4.59 Misp Project Malware Information Sharing Platform 2.4.60 Misp Project Malware Information Sharing Platform 2.4.61 Misp Project Malware Information Sharing Platform 2.4.62 Misp Project Malware Information Sharing Platform 2.4.63 Misp Project Malware Information Sharing Platform 2.4.64 Misp Project Malware Information Sharing Platform 2.4.65 Misp Project Malware Information Sharing Platform 2.4.66 Misp Project Malware Information Sharing Platform 2.4.67 Misp Project Malware Information Sharing Platform 2.4.68 Misp Project Malware Information Sharing Platform 2.4.69 Misp Project Malware Information Sharing Platform 2.4.70 Misp Project Malware Information Sharing Platform 2.4.71 Misp Project Malware Information Sharing Platform 2.4.72 Misp Project Malware Information Sharing Platform 2.4.73 Misp Project Malware Information Sharing Platform 2.4.74 Misp Project Malware Information Sharing Platform 2.4.75 Misp Project Malware Information Sharing Platform 2.4.76 Misp Project Malware Information Sharing Platform 2.4.77 Misp Project Malware Information Sharing Platform 2.4.78 Misp Project Malware Information Sharing Platform 2.4.79 Misp Project Malware Information Sharing Platform 2.4.80 Misp Project Malware Information Sharing Platform 2.4.81 Misp Project Malware Information Sharing Platform 2.4.82 Misp Project Malware Information Sharing Platform 2.4.83 Misp Project Malware Information Sharing Platform 2.4.84 Misp Project Malware Information Sharing Platform 2.4.85 Misp Project Malware Information Sharing Platform 2.4.86 Misp Project Malware Information Sharing Platform 2.4.87 Misp Project Malware Information Sharing Platform 2.4.88 Misp Project Malware Information Sharing Platform 2.4.89 Misp Project Malware Information Sharing Platform 2.4.90 Misp Project Malware Information Sharing Platform 2.4.91 Misp Project Malware Information Sharing Platform 2.4.92 Misp Project Malware Information Sharing Platform 2.4.93 Misp Project Malware Information Sharing Platform 2.4.94 Misp Project Malware Information Sharing Platform 2.4.95 Misp Project Malware Information Sharing Platform 2.4.96 Misp Project Malware Information Sharing Platform 2.4.97 Misp Project Malware Information Sharing Platform 2.4.98 Misp Project Malware Information Sharing Platform 2.4.99 Misp Project Malware Information Sharing Platform 2.4.100 Misp Project Malware Information Sharing Platform 2.4.101 Misp Project Malware Information Sharing Platform 2.4.102 Misp Project Malware Information Sharing Platform 2.4.103 Misp Project Malware Information Sharing Platform 2.4.104 Misp Project Malware Information Sharing Platform 2.4.105 Misp Project Malware Information Sharing Platform 2.4.106 Misp Project Malware Information Sharing Platform 2.4.107 Misp Project Malware Information Sharing Platform 2.4.108 Misp Project Malware Information Sharing Platform 2.4.109 Misp Project Malware Information Sharing Platform 2.4.110 Misp Project Malware Information Sharing Platform 2.4.111 Misp Project Malware Information Sharing Platform 2.4.112 Misp Project Malware Information Sharing Platform 2.4.113 Misp Project Malware Information Sharing Platform 2.4.114 Misp Project Malware Information Sharing Platform 2.4.115 Misp Project Malware Information Sharing Platform 2.4.116 Misp Project Malware Information Sharing Platform 2.4.117 Misp Project Malware Information Sharing Platform 2.4.118 Misp Project Malware Information Sharing Platform 2.4.119 Misp Project Malware Information Sharing Platform 2.4.120 Misp Project Malware Information Sharing Platform 2.4.121 Misp Project Malware Information Sharing Platform 2.4.122 Misp Project Malware Information Sharing Platform 2.4.123 Misp Project Malware Information Sharing Platform 2.4.124 Misp Project Malware Information Sharing Platform 2.4.125 Misp Project Malware Information Sharing Platform 2.4.126 Misp Project Malware Information Sharing Platform 2.4.127 Misp Project Malware Information Sharing Platform 2.4.128 Misp Project Malware Information Sharing Platform 2.4.129 Misp Project Malware Information Sharing Platform 2.4.130 Misp Project Malware Information Sharing Platform 2.4.131 Misp Project Malware Information Sharing Platform 2.4.132 Misp Project Malware Information Sharing Platform 2.4.133 Misp Project Malware Information Sharing Platform 2.4.134 Misp Project Malware Information Sharing Platform 2.4.135 Misp Project Malware Information Sharing Platform 2.4.136 Misp Project Malware Information Sharing Platform 2.4.137 Misp Project Malware Information Sharing Platform 2.4.138 Misp Project Malware Information Sharing Platform 2.4.139 Misp Project Malware Information Sharing Platform 2.4.140 Misp Project Malware Information Sharing Platform 2.4.141 Misp Project Malware Information Sharing Platform 2.4.142 Misp Project Malware Information Sharing Platform 2.4.143 Misp Project Malware Information Sharing Platform 2.4.144 Misp Project Malware Information Sharing Platform 2.4.145 Misp Project Malware Information Sharing Platform 2.4.146 Misp Project Malware Information Sharing Platform 2.4.147 Misp Project Malware Information Sharing Platform 2.4.148 Misp Project Malware Information Sharing Platform 2.4.149 Misp Project Malware Information Sharing Platform 2.4.150 Misp Project Malware Information Sharing Platform 2.4.151 Misp Project Malware Information Sharing Platform 2.4.152 Misp Project Malware Information Sharing Platform 2.4.153 Misp Project Malware Information Sharing Platform 2.4.154 Misp Project Malware Information Sharing Platform 2.4.155 Misp Project Malware Information Sharing Platform 2.4.156 Misp Project Malware Information Sharing Platform 2.4.157 Misp Project Malware Information Sharing Platform 2.4.158 Misp Project Malware Information Sharing Platform 2.4.159 Misp Project Malware Information Sharing Platform 2.4.160 Misp Project Malware Information Sharing Platform 2.4.161 Misp Project Malware Information Sharing Platform 2.4.162 Misp Project Malware Information Sharing Platform 2.4.163	332

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5