CVE-2018-8949
First published: Fri Mar 23 2018(Updated: )
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Misp-project Misp | <2.4.89 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-8949?
CVE-2018-8949 is a vulnerability in MISP before version 2.4.89 that allows users to delete attributes of other events.
How severe is CVE-2018-8949?
CVE-2018-8949 has a severity rating of 4.3, which is considered medium.
What is the affected software for CVE-2018-8949?
The affected software for CVE-2018-8949 is MISP before version 2.4.89.
How can CVE-2018-8949 be fixed?
CVE-2018-8949 can be fixed by updating MISP to version 2.4.89 or later.
Is there any reference for CVE-2018-8949?
Yes, there is a reference available for CVE-2018-8949. You can find it at this link: https://github.com/MISP/MISP/commit/37720c38d6c617439df0a13e9396fcb26345dadd
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/misp-project
- canonical/misp-project misp