We are reliable, trustworthy, and ready for challenges! Hire Us
Cerebrate – An incorrect sharing group ACL
- Home
- Advisories
- Cerebrate – An incorrect sharing group ACL
DATE
18.02.2022
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
Cerebrate – Open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP)
Vulnerable version
1.4
Fixed version
1.5
CVSS
4.3 Medium CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Recommendations
Update to Cerebrate version 1.5
Vulnerability details
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an unprivileged user to edit and modify sharing groups.
CVE
CVE-2022-25318
Credits
Dawid Czarnecki
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.