Vulnerabilities > Misp > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-20 CVE-2022-29534 Improper Authentication vulnerability in Misp
An issue was discovered in MISP before 2.4.158.
network
low complexity
misp CWE-287
7.5
7.5
2022-03-18 CVE-2022-27243 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.156.
local
low complexity
misp
7.8
7.8
2022-03-18 CVE-2022-27245 Server-Side Request Forgery (SSRF) vulnerability in Misp
An issue was discovered in MISP before 2.4.156.
network
low complexity
misp CWE-918
8.8
8.8
2021-04-23 CVE-2021-31780 Improper Cross-boundary Removal of Sensitive Data vulnerability in Misp 2.4.141
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit.
network
low complexity
misp CWE-212
7.5
7.5
2020-11-02 CVE-2020-28043 Server-Side Request Forgery (SSRF) vulnerability in Misp
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
network
low complexity
misp CWE-918
7.5
7.5
2020-09-18 CVE-2020-25766 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.132.
network
low complexity
misp
7.5
7.5
2020-07-14 CVE-2020-15711 Cross-Site Request Forgery (CSRF) vulnerability in Misp
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
network
low complexity
misp CWE-352
8.8
8.8
2020-06-22 CVE-2020-14969 Missing Authorization vulnerability in Misp 2.4.127
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations.
network
low complexity
misp CWE-862
7.5
7.5
2020-02-12 CVE-2020-8893 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
low complexity
misp
7.5
7.5
2020-02-12 CVE-2020-8892 Unspecified vulnerability in Misp
An issue was discovered in MISP before 2.4.121.
network
high complexity
misp
8.1
8.1