ID CVE-2018-8949
Summary An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.
References
Vulnerable Configurations
  • cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*
    cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 19-04-2018 - 19:21)
Impact:
Exploitability:
CWE CWE-749
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:P
refmap via4
confirm https://github.com/MISP/MISP/commit/37720c38d6c617439df0a13e9396fcb26345dadd
Last major update 19-04-2018 - 19:21
Published 23-03-2018 - 17:29
Last modified 19-04-2018 - 19:21
Back to Top