Privilege Escalation Vulnerability in MISP Versions Prior to 2.4.115

Privilege Escalation Vulnerability in MISP Versions Prior to 2.4.115

CVE-2019-16202 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.

Learn more about our Web Application Penetration Testing UK.