chg: [security] added CVE-2024-29858 and CVE-2024-29859

pull/99/head
Alexandre Dulaunoy 2024-03-23 11:53:31 +01:00
parent e78743c56a
commit 66bc140874
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 2 additions and 1 deletions

@ -107,7 +107,8 @@ We firmly believe that, even though unfortunately it is often not regarded as co
- [CVE-2023-50918](https://cvepremium.circl.lu/cve/CVE-2023-50918) < MISP 2.4.182 - app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for new audit log features (not enabled by default).
- [CVE-2024-25675](https://vulnerability.circl.lu/vuln/CVE-2024-25675) < MISP 2.4.184 - An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.
- [CVE-2024-25674](https://vulnerability.circl.lu/vuln/CVE-2024-25674) < MISP 2.4.184 - An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.
- [CVE-2024-29859](https://cvepremium.circl.lu/cve/CVE-2024-29859) < MISP 2.4.187 - `add_misp_export` in app/Controller/EventsController.php does not properly check for a valid file upload.
- [CVE-2024-29858](https://cvepremium.circl.lu/cve/CVE-2024-29858) < MISP 2.4.187 - `__uploadLogo` in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.
## PGP Key
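
Review bot: The two added entries (CVE-2024-29859 and CVE-2024-29858) link to cvepremium.circl.lu, while the CVE-2024-25675 and CVE-2024-25674 entries directly above them link to vulnerability.circl.lu; use one host for the 2024 entries so the list stays consistent. In addition, the CVE-2024-29858 text ("does not properly check for a valid logo upload") and the CVE-2024-25674 text ("Organisation logo upload is insecure ...") both concern the organisation logo upload, so a short phrase saying what the 2.4.187 entry covers that the 2.4.184 entry did not would keep readers from treating them as duplicates.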