CVE-2021-27904

An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
mispmisp
𝑥
≤ 2.4.139
𝑥
= Vulnerable software versions
References
https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64
https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64