CVE-2017-14337

Published: Sep 12, 2017Modified: May 13, 2026

8.1

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: NVD

Description

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.

Affected (1)

Products: Misp Project: Misp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Misp Project Misp	Up to 2.4.79

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9

Source: cve@mitre.org

Third Party Advisory

https://www.circl.lu/advisory/CVE-2017-14337/

Source: cve@mitre.org

Third Party Advisory

https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.circl.lu/advisory/CVE-2017-14337/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.