Lucene search

[email protected]CVE-2023-37306

HistoryJun 30, 2023 - 5:15 p.m.

CVE-2023-37306

2023-06-3017:15:09

CWE-209

[email protected]

web.nvd.nist.gov

cve-2023

misp

security

certificate

server sync

sensitive information

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

Affected configurations

NVD

Node

misp-projectmalware_information_sharing_platformMatch2.4.172

CPENameOperatorVersion
misp-project:malware_information_sharing_platformmisp-project malware information sharing platformeq2.4.172

CPE	Name	Operator	Version
misp-project:malware_information_sharing_platform	misp-project malware information sharing platform	eq	2.4.172

References

github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908

www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.4%

JSON

Related for CVE-2023-37306

prion1 nvd1 osv1 cvelist1