Lucene search

[email protected]NVD:CVE-2022-48329

HistoryFeb 20, 2023 - 4:15 a.m.

CVE-2022-48329

2023-02-2004:15:11

CWE-755

[email protected]

web.nvd.nist.gov

misp

version

order parameter

attribute.php

galaxycluster.php

workflow.php

logablebehavior.php

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

51.9%

JSON

MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.

Affected configurations

NVD

Node

mispmispRange<2.4.166

References

github.com/MISP/MISP/commit/a73c1c461bc6f8a048eae92b5e99823afd892d1e

github.com/MISP/MISP/commit/afbe08d256d609eee5195c5b0003cfb723ae7af1

github.com/MISP/MISP/compare/v2.4.165...v2.4.166

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

51.9%

JSON

Related for NVD:CVE-2022-48329

cvelist1 cve1 prion1 osv1