Commit Graph

517 Commits (a7905b40cededa7fb54e2c735b8196c9aae03f94)

Author SHA1 Message Date
Christophe Vandeplas 9115a30423 minor code cosmetic fix 2023-01-06 09:19:36 +01:00
Jakub Onderka 35e15a5220 chg: [mail] Allow unsubscribing from notification emails 2022-12-15 10:05:13 -05:00
iglocska b6a2c854a4
new: [session killswitch] added endpoint to kill existing sessions for a user
- required for integration in MeliCERTes II
2022-12-01 14:07:48 +01:00
Christophe Vandeplas 192ed311b9 fix: [remote_ip] respect MISP.log_client_ip_header everywhere fixes #8781 2022-11-28 14:08:11 +01:00
Jakub Onderka 7d0af6918a fix: [UI] Statistics EventTag call 2022-11-02 10:49:24 +01:00
Andras Iklody 2497369374
fix: [statistics] do not divide correlation count by 2 - no longer needed
We're only storing 1 row / correlation since the engine rework

- As reported by @github-germ
2022-11-01 09:29:58 +01:00
Jakub Onderka 0b775c77a2 fix: [internal] Cleanup code for UserController 2022-10-23 10:08:56 +02:00
Jakub Onderka 547e17624e chg: [internal] Normalize user fetching for admins 2022-10-22 17:18:52 +02:00
Jakub Onderka b4bcbfe103 chg: [internal] Use JsonTool more often 2022-10-19 10:11:37 +02:00
Jakub Onderka 7cd1ed76ce chg: [internal] Use specific controller version of jsonDecode 2022-10-10 22:07:25 +02:00
Jakub Onderka 82698a5fa0
Merge pull request #8518 from JakubOnderka/disable-key-fetching
new: [UI] Allow disabling PGP key fetching
2022-10-06 17:23:41 +02:00
Luciano Righetti 37a794fc57
Merge pull request #8640 from righel/no-change-pwd-custom-auth
chg: do not ask users for pass change if custom_auth is required via …
2022-10-06 10:03:15 +02:00
Luciano Righetti c8fa2fc7a4 fix: cs 2022-10-06 10:00:40 +02:00
Luciano Righetti 6f01920179 fix: check for both rest and non rest requests 2022-10-06 09:59:47 +02:00
Sami Mokaddem 934b9cd4fc
security: [user] Fix disclosure of role names to non-site-admin users and ensure user edit applies the restricted_to_site_admin option
On a default MISP installation without additional roles, this vulnerability disclosed the list of role names that were restricted to the site admin. This commit fixes this disclosure vulnerability.

In addition, on MISP installations with custom roles, an org admin user could create a user assigned to new custom roles that were restricted to site admins. This could lead to access to complementary permissions (except site admin, org admin and sync actions).

Credits: CIRCL
2022-10-06 09:48:08 +02:00
Luciano Righetti 09ab8d67a4 chg: do not ask users for pass change if custom_auth is required via external auth header 2022-10-05 11:15:24 +02:00
Jakub Onderka f661204ed1
Merge pull request #8593 from JakubOnderka/fix-periodic-extract
fix: [internal] Extracting periodic setting for user
2022-09-20 18:48:22 +02:00
Jakub Onderka d4300f6b74 fix: [UI] Periodic summary 2022-09-20 16:33:50 +02:00
Jakub Onderka 760240eade fix: [UI] Notification settings 2022-09-20 15:43:02 +02:00
Jakub Onderka cb6f10fd69 chg: [internal] Change method name User::{extractPeriodicSettingForUser->fetchPeriodicSettingForUser} 2022-09-20 13:43:35 +02:00
Jakub Onderka 5204be7a7d fix: [internal] Refresh session after notification change 2022-09-20 13:42:14 +02:00
Jakub Onderka 5874633a77 fix: [internal] Extracting periodic setting for user 2022-09-20 13:02:01 +02:00
Jakub Onderka c0313b9c37 fix: [internal] Respect `Security.hide_organisation_index_from_users` setting 2022-09-20 10:29:07 +02:00
Sami Mokaddem c7e80e399d chg: [users:edit] Added support of notification_* 2022-09-09 14:21:06 +02:00
Sami Mokaddem e89698f301 fix: [periodic_notification] Correctly pass period filter to event fetcher 2022-09-09 10:49:06 +02:00
Sami Mokaddem bf39655c26 chg: [periodic_notification] Improved report and parametrized tags for trending 2022-09-08 14:54:04 +02:00
Sami Mokaddem 90cab66b86 chg: [user:saveNotificationSettings] Make sure tags filter is valid JSON 2022-09-07 09:38:31 +02:00
Sami Mokaddem f2ff91ee35 chg: [users] Removed useless constant 2022-08-31 15:44:36 +02:00
Sami Mokaddem 7cd3b35d61 chg: [user:periodic_notification] General improvements and added CLI support 2022-08-31 11:51:36 +02:00
Sami Mokaddem 894724a805 chg: [users:edit] Allow admins to edit periodic notification subscriptions 2022-08-30 14:53:06 +02:00
Sami Mokaddem 3338e1abef chg: [user:periodic_notification] Added templates, basic statistics and UI integration 2022-08-30 14:10:01 +02:00
Sami Mokaddem 279f33bc4a chg: [user:periodicNotification] Dev cont. 2022-08-29 12:06:42 +02:00
Sami Mokaddem 8db8cbd398 new: [user:periodicNotification] Started development of a system allowing users to receive periodic notifications by email 2022-08-29 09:03:42 +02:00
iglocska c764bb0e8f Merge branch 'log_last_api' into develop 2022-08-11 09:36:30 +02:00
Tom King de351faaac new: [internal] Add option to log last API request 2022-08-01 15:02:49 +01:00
Jakub Onderka 62926da1a3 new: [UI] Allow disabling PGP key fetching 2022-07-29 18:06:45 +02:00
Jakub Onderka 21f5f52988 chg: [internal] Unsubscribe code 2022-06-07 15:07:28 +02:00
Jakub Onderka c46fd203a9 new: [email] Unsubscribe 2022-06-06 18:09:46 +02:00
Jakub Onderka ccef2e4de2 chg: [internal] Cleanup code for statistics 2022-05-22 20:20:07 +02:00
Jakub Onderka 073bc4f74c fix: [UI] Warning when fetching PGP key 2022-05-22 19:59:11 +02:00
Jakub Onderka 8a4f402bf8 fix: [internal] Sending admin emails 2022-05-13 13:27:26 +02:00
Jakub Onderka 5e37283f6c chg: [internal] Cleanup code for adding and editing users 2022-05-11 16:25:46 +02:00
Jakub Onderka dba9d60ed9
Merge pull request #8180 from JakubOnderka/event_alert_default_enabled
new: [test] MISP.default_publish_alert
2022-05-07 12:48:54 +02:00
Jakub Onderka ece53cf11d new: [test] MISP.default_publish_alert 2022-05-07 12:39:29 +02:00
Jakub Onderka 5371623ad7 fix: [UI] Terms and Conditions 2022-05-07 11:46:13 +02:00
Jakub Onderka 9827449a37 chg: [UI] Asset loader for statistics 2022-05-02 10:05:05 +02:00
Jakub Onderka a007089486 chg: [internal] Do not use ajax layout 2022-04-28 14:51:21 +02:00
iglocska 01120163a6
fix: [security] Password confirmation bypass in user edit
- optional password confirmation can be potentially circumvented
- fooling the user edit via a request that sets accept:application/json whilst posting form content

- as reported by Dawid Czarnecki of Zigrin Security on behalf of the Luxembourg Army
2022-04-18 02:00:13 +02:00
Sami Mokaddem 69b0937ea2 fix: [user:getClientIp] Typo in variable name 2022-02-08 14:32:05 +01:00
Jakub Onderka 8835dc4a50 fix: [internal] Closing session for statistics 2021-11-25 14:14:41 +01:00