In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

CWE: CWE-212 CWE-312

CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.1)


NVD – CVE-2021-31780
CVE – CVE-2021-31780

Link (max. 20) Quelle Tags MISC Patch Third Party Advisory VDB Entry MISC Exploit Third Party Advisory MISC Product Third Party Advisory CONFIRM Release Notes Third Party Advisory

Quelle: NVD – CVE-2021-31780
Datum Veröffentlichung: 2021-04-23T20:15Z, Datum letzte Änderung: 2021-05-05T20:06Z