CVE-2024-46918

MEDIUM EPSS 34.9%
Published Sep 15, 20241y ago · Modified Jun 22, 20261w ago
4.9 CVSS 3.1
Medium
Find Similar
Published Sep 15, 2024 1y ago
Last Modified Jun 22, 2026 1w ago

Description

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.

CVSS Details

Base Score
4.9
Exploitability
1.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
34.9% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-863 Incorrect Authorization Authorization

Affected Products 1

VendorProductVersionRange
misp-projectmisp* <2.4.198

References 2

  • github.com https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
    Patch
  • github.com https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198
    Patch

Remediation

  • github.com https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
    Patch
  • github.com https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198
    Patch