Lucene search

[email protected]CVE-2019-16202

HistorySep 10, 2019 - 2:15 p.m.

CVE-2019-16202

2019-09-1014:15:10

CWE-269

[email protected]

web.nvd.nist.gov

misp

privilege escalation

security vulnerability

cve-2019-16202

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a “This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)” message.

Affected configurations

NVD

Node

mispmispRange<2.4.115

CPENameOperatorVersion
misp:mispmisplt2.4.115

CPE	Name	Operator	Version
misp:misp	misp	lt	2.4.115

References

excellium-services.com/cert-xlm-advisory/cve-2019-16202/

github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f

github.com/MISP/MISP/compare/v2.4.114...v2.4.115

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

41.6%

JSON

Related for CVE-2019-16202

osv1 cvelist1 prion1 nvd1