CVE-2021-31780

Published April 23rd, 2021

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

MEDIUM

Affected

PROJECT

Description

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

MISP/MISP

MISP (core software) - Open Source Threat Intelligence and Sharing Platform

GitHub

6.38K