CVE-2023-37306

CVE-2023-37306

EPSS 0.4%

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908 https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle