fix: [security] changed menu_custom_right_link to CLI only

- otherwise, a malicious or hijacked admin account could embed malicious JS in a global menu link
- as reported by Nils Putnins and Jeroen Pinoy from NCIA NCSC
pull/9764/head
iglocska 2024-06-04 10:55:37 +02:00
parent 07b6355815
commit 33a1eb6640
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 1 additions and 0 deletions


@ -6246,6 +6246,7 @@ class Server extends AppModel
'value' => null,
'type' => 'string',
'null' => true,
'cli_only' => true,
],
'menu_custom_right_link_html' => [
'level' => self::SETTING_OPTIONAL,
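Review bot: A value already stored in `menu_custom_right_link` before this change is not touched by anything in this hunk, since the added `'cli_only' => true` only restricts where the setting can be written from; the upgrade notes should tell operators to check the current value. The entry also has no comment explaining the flag, and a line above it such as `// cli_only: rendered as a link in the global menu, so a UI-writable value lets an admin account inject script` would keep a later cleanup from dropping it. The sibling `menu_custom_right_link_html` entry begins on the last two lines of the hunk and its body is outside it, so confirm it carries the same flag, since by its name it presumably holds markup for the same menu item. As defence in depth, the code that renders the link (not part of this change) could accept only `http`/`https` URLs.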