3 matches found
CVE-2022-42724
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names this is information that only the site admin should have...
CVE-2022-42724
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names this is information that only the site admin should have...
CVE-2022-42724
CVE-2022-42724 affects MISP up to version 2.4.164. A flaw in app/Controller/UsersController.php allows an attacker to disclose role names that should be admin‑only, resulting in information disclosure. Affected software: MISP prior to 2.4.164. Root cause: improper protection of sensitive role inf...