Description
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/MISP/MISP/commit/164963100a830234744a6004d5eda55d24e97b2a
Patch, Third Party Advisory x_refsource_misc
https://github.com/MISP/MISP/compare/v2.4.131...v2.4.132
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
46.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
misp/misp
< 2.4.132
Published
Sep 18, 2020
Tracked Since
Feb 18, 2026