CVE-2019-16202 Information

Description

MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115 escalation attempts are blocked by the __checkLoggedActions function with a \This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (2.4.115)\ message.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/ https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f https://github.com/MISP/MISP/compare/v2.4.114…v2.4.115

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5