Logo Upload Vulnerability in MISP Before 2.4.187

CVE-2024-29858

What is CVE-2024-29858?

In MISP versions prior to 2.4.187, the uploadLogo function in the OrganisationsController.php file lacks adequate checks for validating logo uploads. This oversight can result in potential security implications, as malicious uploads could compromise system integrity. Organizations utilizing affected versions should review their deployment and consider applying the necessary updates to mitigate risks associated with improper input validation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References