CVE-2023-37306
published 2023-06-30CVE-2023-37306: MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error…
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.44%
35.5th percentile
MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| misp-project | misp | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oraclehttps://github.com/MISP/MISP/commit/f125630c1c2d0f5d11079d3653ab7bb2ab5cd908https://www.synacktiv.com/publications/php-filter-chains-file-read-from-error-based-oracle
2023-06-30
Published