Cerebrate - Endpoints could be open when not enabled | Web Application Security Testing

DATE

18.02.2022

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

Cerebrate – Open-source platform meant to act as a trusted contact information provider and interconnection orchestrator for other security tools (such as MISP)

Vulnerable version

1.4

Fixed version

1.5

CVSS

5.3 Medium CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Recommendations

Update to Cerebrate version 1.5

Vulnerability details

An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled.

CVE

CVE-2022-25319

Credits

Dawid Czarnecki

References

https://github.com/cerebrate-project/cerebrate/commit/a2632349175e574cd6305fa459cd7610ea09ab61
https://nvd.nist.gov/vuln/detail/CVE-2022-25319

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

Have Any Questions?

Cerebrate – Endpoints could be open when not enabled

NEED A CONSULTATION?

contact@zigrin.com

GPG Key

Get a free consultation