Unintended View Access Vulnerability in MISP 2.4.139 Sharing Groups Implementation
CVE-2021-27904 · MEDIUM Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.
Learn more about our Cis Benchmark Audit For Server Software.