Lucene search

K

GoogleOSV:CVE-2022-29534

HistoryApr 20, 2022 - 11:15 p.m.

CVE-2022-29534

2022-04-2023:15:08

Google

osv.dev

2

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.6%

An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an “Accept: application/json” header.

CPENameOperatorVersion
mispeq2.4.54
mispeq2.4.96
mispeq2.4.125
mispeq2.3.78
mispeq2.3.141
mispeq2.4.59
mispeq2.4.49
mispeq2.4.107
mispeq2.3.158
mispeq2.4.95

Rows per page:

1-10 of 3231

References

github.com/MISP/MISP/commit/01120163a6b4d905029d416e7305575df31df8af

github.com/MISP/MISP/compare/v2.4.157...v2.4.158

zigrin.com/advisories/misp-password-confirmation-can-be-bypassed/

zigrin.com/cakephp-application-cybersecurity-research-the-impact-of-a-php-vulnerability-exploring-the-password-confirmation-bypass-in-misp/

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.6%

Related for OSV:CVE-2022-29534

prion1 cve1 cvelist1 nvd1