CVE-2019-9482

In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:misp:misp:2.4.102:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-03-01 05:29

Updated : 2024-02-04 20:03


NVD link : CVE-2019-9482

Mitre link : CVE-2019-9482

CVE.ORG link : CVE-2019-9482


JSON object : View

Products Affected

misp

  • misp
CWE
CWE-862

Missing Authorization