Arbitrary User Access Vulnerability in MISP before 2.4.80 with X.509 Certificate Authentication and Non-MISP External User Management ReST API
CVE-2017-14337 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
Learn more about our Api Penetration Testing.