Luciano Righetti

14 exploits, active since Jul 2021
CVE-2026-10611 (CRITICAL)
OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled
An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication plugin, such as LDAP, may have their authenticated session established during the application beforeFilter phase before the normal login flow enforces the OTP challenge. As a result, an attacker with valid primary authentication credentials could bypass the required OTP step by authenticating through the plugin-backed login flow and then directly accessing another application URL instead of completing the OTP verification page. This allows access to the application as the affected user without providing a valid TOTP, HOTP, or email OTP code. The issue affects configurations where plugin-based authentication is enabled and OTP is expected to be mandatory. The fix ensures that OTP requirements are checked immediately after plugin authentication and before the user session is established, redirecting users to the appropriate OTP challenge when required.
CVSS 10.0
CVE-2026-9084 (MEDIUM)
MISP OIDC authentication bypass via automatic email-based account linking under insecure IdP configurations
MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no stored sub value. Under insecure or untrusted IdP configurations where email ownership is not enforced, an attacker with a valid OIDC token could assert a victim’s email address and authenticate as that user, leading to account takeover.
CVE-2026-8080 (MEDIUM)
MISP core - Stored XSS in MISP template (old engine) element attribute type
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MISP allows Stored XSS. This issue affects MISP before 2.5.37. A stored cross-site scripting vulnerability exists in the template element attribute handling logic. The application accepted arbitrary values for the TemplateElementAttribute type and category fields without validating them against the known MISP attribute type and category definitions. An attacker with permission to create or modify template element attributes could store a crafted type value. This affects MISP's old templating engine, which is no longer accessible in 2.5.37 and will be removed in 2.5.38.
CVSS 5.4
CVE-2026-39962 (CRITICAL)
LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled server variable instead of REMOTE_USER (such as in certain proxy setups). An attacker able to control that value can manipulate the LDAP search filter and potentially bypass authentication constraints or cause unauthorized LDAP queries. This vulnerability is fixed in 2.5.36.
CVSS 9.6
CVE-2021-36212 (MEDIUM)
MISP < 2.4.146 - Stored Cross-Site Scripting in Sharing Groups View
app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.
CVSS 6.1
CVE-2021-39302 (CRITICAL)
MISP 2.4.148 - SQL Injection via Log.php $conditions['org'] Value
MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value.
CVSS 9.8
CVE-2022-27243 (HIGH)
MISP < 2.4.156 - Local File Inclusion via Custom Terms File Setting
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
CVSS 7.8
CVE-2022-27245 (HIGH)
MISP < 2.4.156 - Server-Side Request Forgery via generateServerSettings
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
CVSS 8.8
CVE-2022-27246 (MEDIUM)
MISP < 2.4.156 - Stored Cross-Site Scripting via SVG Org Logo Upload
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
CVSS 6.1
CVE-2023-37306 (HIGH)
MISP 2.4.172 - Sensitive Information Exposure via Certificate File Extension Error Messages
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
CVSS 7.5
CVE-2023-41098 (MEDIUM)
MISP 2.4.174 - Reflected Cross-Site Scripting via Dashboard Edit ID Parameter
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.
CVSS 6.1
CVE-2023-48655 (CRITICAL)
MISP < 2.4.176 - SQL Injection via Improper Filtering of Query Parameters
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters.
CVSS 9.8
CVE-2023-48656 (CRITICAL)
MISP < 2.4.176 - SQL Injection via Order Parameter
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.
CVSS 9.8