2 matches found
CVE-2017-14337
When MISP before 2.4.80 is configured with X.509 certificate authentication CertAuth in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access ...
CVE-2017-14337
CVE-2017-14337 affects MISP prior to 2.4.80. When CertAuth via X.509 is used together with a non-MISP external user management REST API, and that API returns an empty value for an external user, an unauthenticated user can be granted access as an arbitrary user. Evidence across connected records ...