We are reliable, trustworthy, and ready for challenges! Hire Us
MISP – PHAR deserialization
- Home
- Advisories
- MISP – PHAR deserialization
DATE
20.04.2022
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.157
Fixed version
2.4.158
CVSS
9.8 Critical CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Recommendations
Update to MISP version 2.4.158
Vulnerability details
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur allowing authenticated users to execute code on the MISP operating system.
This vulnerability includes multiple phar deserialization occurrences that could be exploited in various places.
The most dangerous occurrence was fixed in version 2.4.157.
CVE
CVE-2022-29528
Credits
Dawid Czarnecki
Ianis Bernard from NATO Cyber Security Centre
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.