From 95af1a7b6c8d4c5a57736565ec7d492b1e4a5324 Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Mon, 18 Dec 2023 09:26:05 +0100
Subject: [PATCH] chg: [security] CVE-2023-50918 added

---
 content/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/content/security.md b/content/security.md
index ffd3ed9..c06e0b1 100755
--- a/content/security.md
+++ b/content/security.md
@@ -104,7 +104,7 @@ We firmly believe that, even though unfortunately it is often not regarded as co
 - [CVE-2023-48659](https://cvepremium.circl.lu/cve/CVE-2023-48659) < MISP 2.4.176 - An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.
 - [CVE-2023-48658](https://cvepremium.circl.lu/cve/CVE-2023-48658) < MISP 2.4.176 - An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. 
 - [CVE-2023-49926](https://cvepremium.circl.lu/cve/CVE-2023-49926) < MISP 2.4.179 - app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget. 
-
+- [CVE-2023-50918](https://cvepremium.circl.lu/cve/CVE-2023-50918) < MISP 2.4.182 - app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for new audit log features (not enabled by default). 
 
 
 ## PGP Key