First published: Sun Sep 01 2024
In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MISP | <2.4.197 | |
CVE-2024-45509 has been assigned a medium severity rating due to improper access control in bookmark data.
To fix CVE-2024-45509, upgrade your MISP instance to a version greater than 2.4.196.
CVE-2024-45509 allows users who are not org admins to access bookmarks data, potentially leading to data exposure.
Versions of MISP prior to 2.4.197 are affected by CVE-2024-45509.
Any user without org admin privileges may exploit CVE-2024-45509 to gain unauthorized access to bookmarks data.