Lucene search

GoogleOSV:CVE-2023-37306

HistoryJun 30, 2023 - 5:15 p.m.

CVE-2023-37306

2023-06-3017:15:09

Google

osv.dev

misp 2.4.172

certificate file

server sync

sensitive information

attacker

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.2%

JSON

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

CPENameOperatorVersion
mispeq2.4.20
mispeq2.4.51
mispeq2.3.96
mispeq2.4.107
mispeq2.4.81
mispeq2.4.152
mispeq2.4.117
mispeq2.3.130
mispeq2.3.152
mispeq2.3.22

Name	Operator	Version
misp	eq	2.4.20
misp	eq	2.4.51
misp	eq	2.3.96
misp	eq	2.4.107
misp	eq	2.4.81
misp	eq	2.4.152
misp	eq	2.4.117
misp	eq	2.3.130
misp	eq	2.3.152
misp	eq	2.3.22

Rows per page:

1-10 of 3381

References

github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908

www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.2%

JSON

Related for OSV:CVE-2023-37306