From 923c02fdb172d72ccd907fade861a822f2d69941 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Tue, 11 Jul 2023 08:47:32 +0200
Subject: [PATCH] chg: [security] updated for MISP 2.4.173

---
 content/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/security.md b/content/security.md
index 48432af..269bd3b 100755
--- a/content/security.md
+++ b/content/security.md
@@ -95,7 +95,7 @@ We firmly believe that, even though unfortunately it is often not regarded as co
 - [CVE-2023-28606](https://cvepremium.circl.lu/cve/CVE-2023-28606) < MISP 2.4.169 - js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. 
 - [CVE-2023-28607](https://cvepremium.circl.lu/cve/CVE-2023-28607) < MISP 2.4.169 - js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. 
 - [CVE-2023-28884](https://cvepremium.circl.lu/cve/CVE-2023-28884) < MISP 2.4.170 - app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. 
-- CVE-2023-37306 - error-based padding oracle
+- [CVE-2023-37306](https://cvepremium.circl.lu/cve/CVE-2023-37306) < MISP 2.4.173 - MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages.  
 
 ## PGP Key