CVE-2024-46918

EUVD-2024-42147
app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
mispmisp
𝑥
< 2.4.198
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa
https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198