iglocska

99 exploits | Active since Sep 2016
CVE-2019-12794 WRITEUP MEDIUM
MISP 2.4.108 - Improper Privilege Management via Organization Admin Password Reset
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.
CVSS 6.6
CVE-2019-12868 WRITEUP HIGH
MISP 2.4.109 - Authenticated Remote Code Execution via PHAR Deserialization
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
CVSS 7.2
CVE-2019-16202 WRITEUP MEDIUM
MISP <2.4.115 - Privilege Escalation
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
CVSS 6.5
CVE-2019-19379 WRITEUP MEDIUM
MISP 2.4.118 - Unauthenticated Tag Restriction Bypass
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
CVSS 5.3
CVE-2019-9482 WRITEUP MEDIUM
MISP 2.4.102 - Authenticated Missing Authorization for Sighting Visibility
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
CVSS 5.3
CVE-2020-11458 WRITEUP MEDIUM
MISP < 2.4.124 - Authenticated Sensitive Data Exposure via Feed File Ingestion
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leak of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
CVSS 4.9
CVE-2020-13153 WRITEUP MEDIUM
MISP < 2.4.126 - Cross-Site Scripting in Resolved Attributes View
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
CVSS 6.1
CVE-2020-14969 WRITEUP HIGH
MISP 2.4.127 - Missing Authorization in Attribute RestSearch API
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute.
CVSS 7.5
CVE-2020-15711 WRITEUP HIGH
MISP < 2.4.129 - Cross-Site Request Forgery in Homepage Setting
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
CVSS 8.8
CVE-2020-24085 WRITEUP MEDIUM
MISP v2.4.128 - Cross-Site Scripting in UserSettingsController SetHomePage Path Parameter
A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in the SetHomePage() function of app/Controller/UserSettingsController.php. Due to a lack of controller validation of the "path" parameter, an attacker can execute malicious JavaScript code.
CVSS 6.1
CVE-2020-28043 WRITEUP HIGH
MISP < 2.4.133 - Server-Side Request Forgery via REST Client use_full_path Parameter
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVSS 7.5
CVE-2020-8890 WRITEUP MEDIUM
MISP < 2.4.121 - Time-of-check Time-of-use Race Condition in Brute-Force Protection
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
CVSS 5.9
CVE-2020-8891 WRITEUP MEDIUM
MISP < 2.4.121 - Brute-Force Attack via Username Canonicalization Bypass
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
CVSS 5.9
CVE-2020-8892 WRITEUP HIGH
MISP < 2.4.121 - Brute-Force Protection Bypass via HTTP PUT Method
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
CVSS 8.1
CVE-2020-8894 WRITEUP MEDIUM
MISP < 2.4.121 - Access Control List Bypass in Discussion Threads
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
CVSS 6.5
CVE-2021-25323 WRITEUP CRITICAL
MISP 2.4.136 - Weak Password Recovery Mechanism
The default setting of MISP 2.4.136 did not enable the requirement (aka require_password_confirmation) to provide the previous password when changing a password.
CVSS 9.1
CVE-2021-25324 WRITEUP MEDIUM
MISP 2.4.136 - Stored Cross-Site Scripting in Galaxy Cluster View
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp.
CVSS 6.1
CVE-2021-25325 WRITEUP MEDIUM
MISP 2.4.136 - Stored Cross-Site Scripting via Galaxy Cluster Element Values
MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs.
CVSS 6.1
CVE-2021-27904 WRITEUP MEDIUM
MISP < 2.4.139 - Unintended Sharing Group Access via 'all org' Flag
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
CVSS 5.5
CVE-2021-31780 WRITEUP HIGH
MISP 2.4.141 - Information Disclosure via Incorrect Sharing Group Association
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
CVSS 7.5
CVE-2021-3184 WRITEUP MEDIUM
MISP 2.4.136 - Stored Cross-Site Scripting via User Homepage Favourite Button
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.
CVSS 6.1
CVE-2021-41326 WRITEUP CRITICAL
MISP < 2.4.148 - OS Command Injection via Opendata Export Parameter
In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
CVSS 9.8
CVE-2022-25317 WRITEUP MEDIUM
Cerebrate < 1.4 - Reflected Cross-Site Scripting in Form Descriptions
An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.
CVSS 6.1
CVE-2022-25318 WRITEUP MEDIUM
Cerebrate < 1.4 - Incorrect Authorization via Sharing Group ACL
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
CVSS 4.3
CVE-2022-25319 WRITEUP MEDIUM
Cerebrate < 1.4 - Unauthenticated Endpoint Access via Open Prefix Bypass
An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.
CVSS 5.3