From 486ba7d6cbabadd724b16d746b47ca4d0c1418ca Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 10 Oct 2022 08:15:26 +0200 Subject: [PATCH] chg: [security] CVE-2022-42724 added --- content/security.md | 1 + 1 file changed, 1 insertion(+) diff --git a/content/security.md b/content/security.md index 74aa5fd..cfeab4a 100755 --- a/content/security.md +++ b/content/security.md @@ -84,6 +84,7 @@ We firmly believe that, even though unfortunately it is often not regarded as co - [CVE-2022-29533](https://cvepremium.circl.lu/cve/CVE-2022-29533) < MISP 2.4.158. There is XSS in app/Controller/OrganisationsController.php in a situation with a "weird single checkbox page." - [CVE-2022-29528](https://cvepremium.circl.lu/cve/CVE-2022-29528) < MISP 2.4.158. PHAR deserialization can occur. - [CVE-2022-29531](https://cvepremium.circl.lu/cve/CVE-2022-29531) < MISP 2.4.158. There is stored XSS in the event graph via a tag name. +- [CVE-2022-42724](https://cvepremium.circl.lu/cve/CVE-2022-42724) < MISP 2.4.163 - allows attackers to discover role names (this is information that only the site admin should have). ## PGP Key