← Retour aux CVEs
CVE-2017-14337
N/ADescription
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
Details CVE
Score CVSS v3.1N/A
Publie9/12/2017
Derniere modification4/20/2025
Sourcenvd
Observations honeypot0
Produits affectes
misp-project:misp
Faiblesses (CWE)
CWE-287
References
https://www.circl.lu/advisory/CVE-2017-14337/(cve@mitre.org)
https://github.com/MISP/MISP/commit/be111a470204a974c50682054c9c7d4b94396ed9(af854a3a-2127-422b-91ae-364da2661108)
https://www.circl.lu/advisory/CVE-2017-14337/(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.