CVE-2019-9482
on github
Published
Severity
CVSS v3:
5.3 MEDIUM
CVSS v2:
3.5 LOW
Description
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:misp:misp:2.4.102:*:*:*:*:*:*:* | n/a | n/a | 2.4.102 |