CVE-2023-37306

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-37306
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37306.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-37306
Published
2023-06-30T17:15:09.757Z
Modified
2026-04-10T04:59:11.849645Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.

References

Affected packages

Git / github.com/misp/misp

Affected ranges

Type
GIT
Repo
https://github.com/misp/misp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
19e969892fc9c3765456a5f491af392e7d20adeb
Fixed
f125630c1c2d0f5d11079d3653ab7bb2ab5cd908
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.172"
        }
    ]
}

Affected versions

Other
codename/tellurium
rm
v0.*
v0.2
v2.*
v2.3.0
v2.4.0
v2.4.1
v2.4.10
v2.4.100
v2.4.101
v2.4.102
v2.4.106
v2.4.107
v2.4.109
v2.4.11
v2.4.110
v2.4.111
v2.4.118
v2.4.120
v2.4.121
v2.4.122
v2.4.123
v2.4.125
v2.4.127
v2.4.128
v2.4.13
v2.4.130
v2.4.133
v2.4.134
v2.4.136
v2.4.137
v2.4.14
v2.4.15
v2.4.152
v2.4.153
v2.4.16
v2.4.17
v2.4.171
v2.4.172
v2.4.18
v2.4.2
v2.4.20
v2.4.21
v2.4.22
v2.4.23
v2.4.24
v2.4.25
v2.4.26
v2.4.27
v2.4.3
v2.4.34
v2.4.35
v2.4.36
v2.4.37
v2.4.38
v2.4.39
v2.4.4
v2.4.43
v2.4.45
v2.4.46
v2.4.47
v2.4.48
v2.4.5
v2.4.50
v2.4.51
v2.4.52
v2.4.53
v2.4.54
v2.4.56
v2.4.57
v2.4.58
v2.4.59
v2.4.60
v2.4.61
v2.4.62
v2.4.63
v2.4.64
v2.4.65
v2.4.7
v2.4.78
v2.4.80
v2.4.82
v2.4.83
v2.4.85
v2.4.86
v2.4.87
v2.4.88
v2.4.89
v2.4.9
v2.4.91
v2.4.93
v2.4.94
v2.4.95
v2.4.96
v2.4.98

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37306.json"