CVE Details
ID CVE-2019-19379
Summary In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
References
Vulnerable Configurations
  • cpe:2.3:a:misp:misp:2.4.118:*:*:*:*:*:*:*
    cpe:2.3:a:misp:misp:2.4.118:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-08-2020 - 17:37)
Impact: 2.9
Exploitability:10.0
CWE NVD-CWE-noinfo
CAPEC Click the CAPEC title to display a description
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
CVSS v3.1
Base: 5.3 (as of 24-08-2020 - 17:37)
Impact: 1.4
Exploitability:3.9
Exploitability v3.1
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK NONE UNCHANGED NONE
Impact v3.1
ConfidentialityIntegrityAvailability
NONE LOW NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
cvss3-vector via4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
refmap via4
misc https://github.com/MISP/MISP/commit/e05dc512a437284f14624da23cca4a829a76aebf
Last major update 24-08-2020 - 17:37
Published 28-11-2019 - 17:15
Last modified 24-08-2020 - 17:37