chg: [security] CVE-2022-42724 added

pull/70/head
Alexandre Dulaunoy 2022-10-10 08:15:26 +02:00
parent f1ecf6d965
commit 486ba7d6cb
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 1 additions and 0 deletions

View File

@ -84,6 +84,7 @@ We firmly believe that, even though unfortunately it is often not regarded as co
- [CVE-2022-29533](https://cvepremium.circl.lu/cve/CVE-2022-29533) < MISP 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page."
- [CVE-2022-29528](https://cvepremium.circl.lu/cve/CVE-2022-29528) < MISP 2.4.158. PHAR deserialization can occur.
- [CVE-2022-29531](https://cvepremium.circl.lu/cve/CVE-2022-29531) < MISP 2.4.158. There is stored XSS in the event graph via a tag name.
- [CVE-2022-42724](https://cvepremium.circl.lu/cve/CVE-2022-42724) < MISP 2.4.163 - allows attackers to discover role names (this is information that only the site admin should have).
## PGP Key