2 matches found
CVE-2019-12794
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins organization admins have the inherent ability to reset passwords for all of their organization's users. This, however, could be abused in a situation where the host organization of an instance...
CVE-2019-12794
The CVE concerns MISP 2.4.108 where organization admins can reset credentials for site admins, enabling credential abuse when host organizations create lower-privilege admins. An org admin could manually set a site admin password or use the site admin’s API key to impersonate them, with abuse res...