CVE-2017-14337
Published: Sep 12, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9 (x_refsource_CONFIRM)
https://www.circl.lu/advisory/CVE-2017-14337/ (x_refsource_CONFIRM)