CVE-2021-27904

MISP/MISP

on github

Published

March 2, 2021

Severity

CVSS v3:

5.5 MEDIUM

CVSS v2:

2.1 LOW

Description

An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.

References

https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:misp:misp::::::::	n/a	2.4.139 (including)	*

External Links

NVD - CVE-2021-27904