CVE-2019-16202

Published: Sep 10, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.

Affected (1)

Products: Misp: Misp

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Misp Misp	Before 2.4.115

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/

Source: cve@mitre.org

Third Party Advisory

https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/MISP/MISP/compare/v2.4.114...v2.4.115

Source: cve@mitre.org

PatchThird Party Advisory

https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/MISP/MISP/compare/v2.4.114...v2.4.115

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.