CVE-2024-46918

4.9

Medium

Published:15 Sep 2024

Last updated:17 Jun 2026

Source:cve@mitre.org

Modified

Weakness (CWE)

CWE-863Incorrect Authorization

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

View on MITRE Find PoC on GitHub

Description

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.

References

cve@mitre.org

https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa

cve@mitre.org

https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198