Misp: >> Misp >> 2.4.111 Security Vulnerabilities
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-02-12
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-10
In app/webroot/js/event-graph.js in MISP 2.4.111, a stored XSS vulnerability exists in the event-graph view when a user toggles the event graph view. A malicious MISP event must be crafted in order to trigger the vulnerability.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-07-27
Page 5