Over 10 years we help companies reach their financial and branding goals. Engitech is a values-driven technology agency dedicated.

Gallery

Contacts

411 University St, Seattle, USA

engitech@oceanthemes.net

+1 -800-456-478-23

DATE

20.04.2022

Affected Vendor

CIRCL – Computer Incident Response Center Luxembourg

Affected Product

MISP – Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/

Vulnerable version

2.4.157

Fixed version

2.4.158

Recommendations

Update to MISP version 2.4.158

Vulnerability details

An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur allowing authenticated users to execute code on the MISP operating system.

This vulnerability includes multiple phar deserialization occurrences that could be exploited in various places.

The most dangerous occurrence was fixed in version 2.4.157.

CVE

CVE-2022-29528

Credits

Dawid Czarnecki
Ianis Bernard from NATO Cyber Security Centre

Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.

NEED A CONSULTATION?