CVE-2017-14337

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-14337

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14337.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-14337

Published

2017-09-12T16:29:00.177Z

Modified

2026-04-10T03:57:08.564714Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.

References

Affected packages

Git / github.com/misp/misp

Affected ranges

Type

GIT

Repo

https://github.com/misp/misp

Events

Introduced

Last affected

4ba21c5770c64998712187c2b48aa502bfd84a6c

Fixed

be111a470204a974c50682054c9c7d4b94396ed9

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.79"
        }
    ]
}

Affected versions

v0.*

v0.2

v2.*

v2.3.0

v2.4.0

v2.4.1

v2.4.10

v2.4.11

v2.4.13

v2.4.14

v2.4.15

v2.4.16

v2.4.17

v2.4.18

v2.4.2

v2.4.20

v2.4.21

v2.4.22

v2.4.23

v2.4.24

v2.4.25

v2.4.26

v2.4.27

v2.4.3

v2.4.34

v2.4.35

v2.4.36

v2.4.37

v2.4.38

v2.4.39

v2.4.4

v2.4.43

v2.4.45

v2.4.46

v2.4.47

v2.4.48

v2.4.5

v2.4.50

v2.4.51

v2.4.52

v2.4.53

v2.4.54

v2.4.56

v2.4.57

v2.4.58

v2.4.59

v2.4.60

v2.4.61

v2.4.62

v2.4.63

v2.4.64

v2.4.65

v2.4.7

v2.4.78

v2.4.79

v2.4.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14337.json"