CVE-2017-16946
NONE EPSS 60.8%
Published Nov 25, 2017 8y ago
Last Modified Jun 22, 2026 1w ago
Description
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
Threat Intelligence
EPSS Exploit Probability
60.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-532
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| misp-project | misp | 2.4.82 | any |
References 1
- github.com https://github.com/MISP/MISP/commit/7d5890b2fc63285f010d5845913894dd71cf232c
Remediation
- github.com https://github.com/MISP/MISP/commit/7d5890b2fc63285f010d5845913894dd71cf232c