Lucene search

GoogleOSV:CVE-2023-48656

HistoryNov 17, 2023 - 5:15 a.m.

CVE-2023-48656

2023-11-1705:15:12

Google

osv.dev

misp

security issue

mishandling

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.3%

JSON

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

CPENameOperatorVersion
mispeq2.4.20
mispeq2.4.51
mispeq2.3.96
mispeq2.4.107
mispeq2.4.81
mispeq2.4.152
mispeq2.4.117
mispeq2.3.130
mispeq2.3.152
mispeq2.3.22

Name	Operator	Version
misp	eq	2.4.20
misp	eq	2.4.51
misp	eq	2.3.96
misp	eq	2.4.107
misp	eq	2.4.81
misp	eq	2.4.152
misp	eq	2.4.117
misp	eq	2.3.130
misp	eq	2.3.152
misp	eq	2.3.22

Rows per page:

1-10 of 3411

References

github.com/MISP/MISP/commit/d6ad402b31547c95280a6d8320f8f87a8f609074

github.com/MISP/MISP/compare/v2.4.175...v2.4.176

zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for OSV:CVE-2023-48656