API Integrity Bug in MISP by MISP Project
CVE-2018-8949

4.3MEDIUM

Key Information:

Vendor: Misp-project
Status: Misp
Vendor: CVE Published:; 23 March 2018

🔔 Create Misp-project Vulnerability Alert

What is CVE-2018-8949?

A vulnerability exists in the MISP application due to an API integrity issue found in app/Model/Attribute.php prior to version 2.4.89. This flaw could enable unauthorized users to delete attributes from other users' events. By crafting a specific event edit that does not include attribute UUIDs but does include attribute IDs, it is possible to overwrite existing attributes, compromising the integrity of the event data.

References

https://github.com/MISP/MISP/commit/37720c38d6c617439df0a...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Mar 23, 2018

CVE-2018-8949 Data

JSON