CVE-2019-9482
First published: Fri Mar 01 2019(Updated: )
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MISP | =2.4.102 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2019-9482?
CVE-2019-9482 has been classified as a medium severity vulnerability due to the potential for unauthorized access to sensitive sightings.
How do I fix CVE-2019-9482?
To fix CVE-2019-9482, upgrade your MISP instance to a version later than 2.4.102 where the vulnerability has been addressed.
Who is affected by CVE-2019-9482?
Organizations using MISP version 2.4.102 may be affected, especially those with restrictive sighting settings.
What impacts does CVE-2019-9482 have on MISP users?
CVE-2019-9482 allows authenticated users to view sightings they should not have access to, compromising event confidentiality.
Is user authentication required to exploit CVE-2019-9482?
Yes, to exploit CVE-2019-9482, an attacker must have authenticated access to the MISP instance.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/misp
- canonical/misp
- version/misp/2.4.102