本ページは misp-project misp に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-24028 | In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. | [email protected] | 9.8 | 0.34% | 2023-01-20 | 2025-04-03 |
| CVE-2023-24026 | In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. | [email protected] | 6.1 | 0.23% | 2023-01-20 | 2025-04-02 |
| CVE-2018-11245 | app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. | [email protected] | 6.1 | 0.24% | 2018-05-18 | 2024-11-21 |
| CVE-2018-8949 | An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute. | [email protected] | 4.3 | 0.19% | 2018-03-23 | 2024-11-21 |
| CVE-2018-8948 | In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module. | [email protected] | 6.1 | 0.24% | 2018-03-23 | 2024-11-21 |
| CVE-2017-16802 | In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added. | [email protected] | 5.4 | 0.19% | 2017-11-13 | 2026-05-13 |
| CVE-2017-15216 | MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. | [email protected] | 6.1 | 0.27% | 2017-10-10 | 2026-05-13 |
| CVE-2017-14337 | When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user. | [email protected] | 8.1 | 0.62% | 2017-09-12 | 2026-05-13 |