CVE-2021-31780

EUVD-2021-18661
In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
mispmisp
2.4.141
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478
https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478