The adminedit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enablepassword field, which allows admins to discover a hashed password by reading the audit log.
{ "versions": [ { "introduced": "0" }, { "last_affected": "2.4.82" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16946.json"