CVE-2021-31780
First published: Fri Apr 23 2021(Updated: )
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Misp Misp | =2.4.141 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this MISP vulnerability?
The vulnerability ID is CVE-2021-31780.
What is the severity of CVE-2021-31780?
The severity of CVE-2021-31780 is high with a CVSS score of 7.5.
How does CVE-2021-31780 in MISP 2.4.141 occur?
CVE-2021-31780 in MISP 2.4.141 occurs due to an incorrect sharing group association that can lead to information disclosure on an event edit.
How can CVE-2021-31780 be exploited?
CVE-2021-31780 can be exploited by associating an object with a sharing group during an event edit and reusing the passed local ID.
Is there a fix for CVE-2021-31780 in MISP 2.4.141?
Yes, a fix for CVE-2021-31780 in MISP 2.4.141 is available in the commit a0f08501d2850025892e703f40fb1570c7995478 on the official MISP GitHub repository.
- collector/nvd-index
- vendor/misp
- canonical/misp misp
- version/misp misp/2.4.141