CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2024-57969: app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
4.3
CVSS
Description
app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search.
Classification
CVE ID: CVE-2024-57969
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products
Vendor: MISP
Product: MISP
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.04% (probability of being exploited)
EPSS Percentile: 11.99% (scored less or equal to compared to others)
EPSS Date: 2025-03-15 (when was this score calculated)
References
https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198https://github.com/MISP/MISP/commit/4f27f83a775aba4d3cca9255f69c3c9998b7df7f