Lucene search

GoogleOSV:CVE-2023-48657

HistoryNov 17, 2023 - 5:15 a.m.

CVE-2023-48657

2023-11-1705:15:12

Google

osv.dev

misp

vulnerability

filters

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.3%

JSON

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.

CPENameOperatorVersion
mispeq2.4.20
mispeq2.4.51
mispeq2.3.96
mispeq2.4.107
mispeq2.4.81
mispeq2.4.152
mispeq2.4.117
mispeq2.3.130
mispeq2.3.152
mispeq2.3.22

Name	Operator	Version
misp	eq	2.4.20
misp	eq	2.4.51
misp	eq	2.3.96
misp	eq	2.4.107
misp	eq	2.4.81
misp	eq	2.4.152
misp	eq	2.4.117
misp	eq	2.3.130
misp	eq	2.3.152
misp	eq	2.3.22

Rows per page:

1-10 of 3411

References

github.com/MISP/MISP/commit/08bd23281ead288de678de666ef43ed6de1899fc

github.com/MISP/MISP/compare/v2.4.175...v2.4.176

zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.3%

JSON

Related for OSV:CVE-2023-48657