CVE-2021-31780

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
mispmisp
2.4.141
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478
https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478