CVE-2023-37306

CVE-2023-37306

EPSS 0.4%

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908 https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle