CVE-2021-31780

HIGH
Published Apr 23, 20215y ago · Modified Jun 22, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Apr 23, 2021 5y ago
Last Modified Jun 22, 2026 1w ago

Description

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-212

Affected Products 1

VendorProductVersionRange
misp-projectmisp2.4.141any

References 1

  • github.com https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478
    PatchThird Party Advisory