CVE-2024-45509

MEDIUM EPSS 31.4%
Published Sep 1, 2024 · Modified Jun 22, 2026
6.5 CVSS 3.1
Medium

Description

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.

CVSS Details

Base Score 6.5
Exploitability 2.8
Impact 3.6
Vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
31.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-284
CWE-863 Incorrect Authorization

Affected Products 1

Vendor        Product  Version  Range
misp-project  misp     *        <2.4.197

References 1

  • github.com https://github.com/MISP/MISP/commit/3f3b9a574f349182a545636e12efa39267e9db04
    Patch

Remediation

  • github.com https://github.com/MISP/MISP/commit/3f3b9a574f349182a545636e12efa39267e9db04
    Patch