CVE-2018-8949

Published: Mar 23, 2018Modified: Nov 21, 2024

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.

Affected (1)

Products: Misp Project: Misp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Misp Project Misp	Before 2.4.89

Related CWEs

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (2)

https://github.com/MISP/MISP/commit/37720c38d6c617439df0a13e9396fcb26345dadd

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/MISP/MISP/commit/37720c38d6c617439df0a13e9396fcb26345dadd

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.