Server Sync Vulnerability in MISP by MISP Project
CVE-2023-37306

7.5HIGH

Key Information:

Vendor: Misp-project
Status: Malware Information Sharing Platform
Vendor: CVE Published:; 30 June 2023

🔔 Create Misp-project Vulnerability Alert

What is CVE-2023-37306?

The MISP 2.4.172 version contains a flaw in its handling of different certificate file extensions during the server synchronization process. This vulnerability may allow an attacker to extract sensitive information due to improper error message management. The nature of these error messages presents an opportunity for unauthorized data retrieval, highlighting the need for enhanced security measures in handling certificate file operations.

References

https://www.synacktiv.com/publications/php-filter-chains-...

https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 30, 2023
Vulnerability Reserved
Jun 30, 2023

CVE-2023-37306 Data

JSON