CVE-2022-42724
First published: Mon Oct 10 2022(Updated: )
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Misp-project Malware Information Sharing Platform | <2.4.164 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-42724.
What is the severity of CVE-2022-42724?
The severity of CVE-2022-42724 is medium.
How can an attacker exploit CVE-2022-42724?
CVE-2022-42724 allows attackers to discover role names that should only be known by the site admin.
Which version of MISP is affected by CVE-2022-42724?
MISP versions up to and excluding 2.4.164 are affected by CVE-2022-42724.
Is there a patch available for CVE-2022-42724?
Yes, a patch is available for CVE-2022-42724. Please refer to the following reference for more information: [GitHub Commit](https://github.com/MISP/MISP/commit/934b9cd4fc6d6378ad349ea630ad9f1319ac82f5).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/misp-project
- canonical/misp-project malware information sharing platform