CVE-2021-27904

EUVD-2021-14639
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
mispmisp
𝑥
≤ 2.4.139
𝑥
= Vulnerable software versions
References
https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64
https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64