Vulnerability Details : CVE-2019-16202
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
Vulnerability category: Gain privilege
Products affected by CVE-2019-16202
- cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-16202
- 0.12%: Probability of exploitation activity in the next 30 days
- ~47%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-16202
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2019-16202
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-16202
- https://github.com/MISP/MISP/compare/v2.4.114...v2.4.115
  Comparing v2.4.114...v2.4.115 · MISP/MISP · GitHub (Patch; Third Party Advisory)
- https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f
  fix: [security] Fix to a vulnerability related to the server index · MISP/MISP@75acd63 · GitHub (Patch; Third Party Advisory)
- https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/
  CVE-2019-16202 - Excellium Services (Third Party Advisory)