Vulnerabilities > Misp > Misp > 2.4.91
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-15 | CVE-2024-46918 | Incorrect Authorization vulnerability in Misp app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. | 4.9 |
| 2024-09-01 | CVE-2024-45509 | Incorrect Authorization vulnerability in Misp In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | 6.5 |
| 2024-03-21 | CVE-2024-29859 | Unrestricted Upload of File with Dangerous Type vulnerability in Misp In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload. | 9.8 |
| 2024-02-09 | CVE-2024-25674 | Unrestricted Upload of File with Dangerous Type vulnerability in Misp An issue was discovered in MISP before 2.4.184. | 9.8 |
| 2024-02-09 | CVE-2024-25675 | Unspecified vulnerability in Misp An issue was discovered in MISP before 2.4.184. | 9.8 |
| 2023-12-15 | CVE-2023-50918 | Unspecified vulnerability in Misp app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. | 9.8 |
| 2023-12-03 | CVE-2023-49926 | Cross-site Scripting vulnerability in Misp app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. | 6.1 |
| 2023-02-20 | CVE-2022-48328 | Improper Handling of Exceptional Conditions vulnerability in Misp app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | 9.8 |
| 2023-02-20 | CVE-2022-48329 | Improper Handling of Exceptional Conditions vulnerability in Misp MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | 9.8 |
| 2022-04-20 | CVE-2022-29528 | Deserialization of Untrusted Data vulnerability in Misp An issue was discovered in MISP before 2.4.158. | 9.8 |