CVE-2024-46918

EUVD-2024-42147
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
mispmisp
𝑥
< 2.4.198
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
mispmisp
𝑥
< 2.4.198
ADP
Common Weakness Enumeration
References
https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198