CVE-2024-25675

CRITICAL

MISP <2.4.184 - Info Disclosure

Title source: llm

Description

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.

References (2)

[Patch] https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594

View Patch ZIP pw:eip

[Release Notes] https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184

Scores

CVSS v3 9.8

EPSS 0.0014

EPSS Percentile 33.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-749

Status published

Products (1)

misp/misp < 2.4.184

Published Feb 09, 2024

Tracked Since Feb 18, 2026