Sensitive Information Disclosure in MISP 2.4.172 Server Sync

Sensitive Information Disclosure in MISP 2.4.172 Server Sync

CVE-2023-37306 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

Learn more about our Cis Benchmark Audit For Server Software.