Credentials management in misp-project MISP
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-12794 |
| CWE-ID | CWE-255 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
MISP Web applications / CMS |
| Vendor | misp-project.org |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Credentials management
EUVDB-ID: #VU35833
Risk: Medium
CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-12794
CWE-ID:
CWE-255 - Credentials Management
Exploit availability: No
DescriptionThe vulnerability allows a remote privileged user to execute arbitrary code.
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.
MitigationInstall update from vendor's website.
Vulnerable software versionsMISP: 2.4.108
External linkshttp://github.com/MISP/MISP/commit/36b43f1306873cff87b7aa30cdc1a30b38c9c16a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
