Logo Upload Vulnerability in MISP Before 2.4.187
CVE-2024-29858

9.8CRITICAL

Key Information:

Vendor

MISP

Status
Misp
Vendor
CVE Published:
21 March 2024

What is CVE-2024-29858?

In MISP versions prior to 2.4.187, the uploadLogo function in the OrganisationsController.php file lacks adequate checks for validating logo uploads. This oversight can result in potential security implications, as malicious uploads could compromise system integrity. Organizations utilizing affected versions should review their deployment and consider applying the necessary updates to mitigate risks associated with improper input validation.

References

https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.