MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
References
Link | Resource |
---|---|
https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908 | Patch |
https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-06-30T00:00:00
Updated: 2023-06-30T00:00:00
Reserved: 2023-06-30T00:00:00
Link: CVE-2023-37306
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-30T17:15:09.757
Modified: 2023-07-07T19:00:31.167
Link: CVE-2023-37306
JSON object: View
Redhat Information
No data.
CWE