MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

new: [security] Assigned CVEs added

pull/62/head
Alexandre Dulaunoy 2022-03-18 21:24:20 +01:00
parent 883ba66642
commit 12c5e4bf5e
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
content/security.md
View File

@ -74,7 +74,10 @@ We firmly believe that, even though unfortunately it is often not regarded as co
- [CVE-2021-37743](https://cvepremium.circl.lu/cve/CVE-2021-37743) <= MISP 2.4.147 - app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
- [CVE-2021-39302](https://cvepremium.circl.lu/cve/CVE-2021-39302) <= MISP 2.4.148 - MISP in certain configurations, when used with PostgreSQL (which is not a default configuration), allows SQL injection via the app/Model/Log.php $conditions['org'] value.
- [CVE-2021-41326](https://cvepremium.circl.lu/cve/CVE-2021-41326) < MISP 2.4.148 - app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.
- CVE-2022-27245
- CVE-2022-27243
- CVE-2022-27246
- CVE-2022-27244
## PGP Key