Unintended View Access Vulnerability in MISP 2.4.139 Sharing Groups Implementation

CVE-2021-27904 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
