CVE-2021-31780

Beschreibung:
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

CWE: CWE-212 CWE-312

CVSS-Bewertung
CVSS 2: MEDIUM – 5 (Version: 2.0)
CVSS 3: HIGH – 7.5 (Version: 3.1)

Links:

NVD – CVE-2021-31780
CVE – CVE-2021-31780

Link (max. 20) Quelle Tags
https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478 MISC Patch Third Party Advisory VDB Entry
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28765 MISC Exploit Third Party Advisory
https://www.sipwise.com MISC Product Third Party Advisory
https://github.com/dramforever/vscode-ghc-simple/blob/master/CHANGELOG.md#v023 CONFIRM Release Notes Third Party Advisory

Quelle: NVD – CVE-2021-31780
Datum Veröffentlichung: 2021-04-23T20:15Z, Datum letzte Änderung: 2021-05-05T20:06Z