CVE-2023-37306

Exploit

EPSS 0.25%
Veröffentlicht 30.06.2023 17:15:09
Zuletzt bearbeitet 21.11.2024 08:11:27
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Misp-project ≫ Malware Information Sharing Platform Version2.4.172

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.476

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908

Patch

https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-37306

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-37306

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-37306

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-37306