Security Advisory

CVE-2018-8949

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-03-23 17:00:00

Last updated 2024-09-16 17:28:15

Assigner mitre

State PUBLISHED

Description

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.

← Browse all CVEs View on cve.org ↗