Vulnerability Details CVE-2023-37306
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.7%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908
- https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle
- https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908
- https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle
Products affected by CVE-2023-37306
-
cpe:2.3:a:misp-project:malware_information_sharing_platform:2.4.172