Executive Summary



This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary.

Information

Name : CVE-2018-19908
Vendor : Cve
First vendor Publication : 2018-12-06
Last vendor Modification : 2018-12-06

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : Not Defined
Cvss Impact Score : Not Defined
Cvss Exploit Score : Not Defined
Attack Range : Not Defined
Attack Complexity : Not Defined
Authentication : Not Defined

Detail

An issue was discovered in MISP 2.4.9x before 2.4.99. In app/Model/Event.php (the STIX 1 import code), an unescaped filename string is used to construct a shell command. This vulnerability can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19908

Sources (Detail)

Source : MISC
Url : https://github.com/MISP/MISP/commit/211ac0737281b65e7da160f0aac52f401a94e1a3
Url : https://github.com/MISP/MISP/releases/tag/v2.4.99

Alert History

Date : 2018-12-06 21:19:30
Information : First insertion