CVE-2021-25323
First published: Tue Jan 19 2021(Updated: )
The default setting of MISP 2.4.136 did not enable the requirements (aka require_password_confirmation) to provide the previous password when changing a password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Misp Misp | =2.4.136 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue with MISP?
The vulnerability ID for this issue with MISP is CVE-2021-25323.
What is the severity of CVE-2021-25323?
The severity of CVE-2021-25323 is critical with a CVSS score of 9.1.
What is the affected software version of CVE-2021-25323?
The affected software version of CVE-2021-25323 is MISP 2.4.136.
What is the description of CVE-2021-25323?
CVE-2021-25323 is a vulnerability in MISP 2.4.136 that does not enable the requirements to provide the previous password when changing a password.
Is there a fix or patch available for CVE-2021-25323?
Yes, a fix has been implemented in MISP 2.4.136. Users are advised to update to the latest version of MISP to mitigate this vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/misp
- canonical/misp misp
- version/misp misp/2.4.136