QSearchQSearch

CVE-2019-9482

5.3 MEDIUM

In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for

Published: 2019-03-01 · Last updated: 2026-06-22

Severity and scoring

CVSS
5.3 MEDIUM
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-862

Affected products

VendorProduct
misp-projectmisp

Description

In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-41326 In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call (9.8 CRITICAL)
  • CVE-2021-39302 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value (9.8 CRITICAL)
  • CVE-2021-37743 app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format (5.4 MEDIUM)
  • CVE-2021-37742 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships (5.4 MEDIUM)
  • CVE-2021-37534 app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster (5.4 MEDIUM)

Same CWE

  • CVE-2026-12105 Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplicat...
  • CVE-2026-53866 OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in shell inline-command parsing that allows authenticated operators ... (8.1 HIGH)
  • CVE-2026-53851 OpenClaw before 2026.5.12 contains a notification bypass vulnerability allowing Slack reaction events to enter the agent pipeline despite... (5.3 MEDIUM)
  • CVE-2026-53850 OpenClaw before 2026.4.25 contains a control scope enforcement bypass vulnerability in the focus command that allows authenticated caller... (5.5 MEDIUM)
  • CVE-2026-53844 OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated call... (6.5 MEDIUM)