Misp: >> Misp >> 2.4.109 Security Vulnerabilities
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-02-12
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-10
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
CVSS Score
7.2
EPSS Score
0.02
Published
2019-06-18
Page 5