CVE-2021-31780 — HIGH (7.5)

Vulnerability Description

In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Misp	Misp	2.4.141

Related Weaknesses (CWE)

CWE-212

References

https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478PatchThird Party Advisory
https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478PatchThird Party Advisory

FAQ

What is CVE-2021-31780?

CVE-2021-31780 is a vulnerability with a CVSS score of 7.5 (HIGH). In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event e...

How severe is CVE-2021-31780?

CVE-2021-31780 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31780?

Check the references section above for vendor advisories and patch information. Affected products include: Misp Misp.