fix: CVEs added

pull/4/head
Alexandre Dulaunoy 2018-03-24 09:50:45 +01:00
parent 107de7df38
commit dc42680b77
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 2 additions and 2 deletions

@ -20,8 +20,8 @@ The API was significantly improved including changes such as attribute UUID in a
Two security bugs were fixed:
- Sanitisation is now properly done from misp-modules especially to avoid XSS from potential malicious expansion modules.
- An API integrity bug where an authenticated user could edit and overwrite an attribute without the UUID set.
- Sanitisation is now properly done from misp-modules especially to avoid XSS from potential malicious expansion modules. [CVE-2018-8948](https://cve.circl.lu/cve/CVE-2018-8948)
- An API integrity bug where an authenticated user could edit and overwrite an attribute without the UUID set. [CVE-2018-8949](https://cve.circl.lu/cve/CVE-2018-8949)
Another important fix was applied to the object handler to remedy a situation where under specific conditions could be overwritten. A recovery tool has been added in the diagnostics page.
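
Review bot: The CVE links on the two changed list items are appended after each sentence's closing full stop with no label or punctuation, so the rendered line ends "...expansion modules. CVE-2018-8948" and the identifier reads as a stray fragment. Consider putting the reference inside the sentence, for example "... malicious expansion modules ([CVE-2018-8948](https://cve.circl.lu/cve/CVE-2018-8948)).", and doing the same for CVE-2018-8949, so that each fix is visibly tied to its identifier. While this paragraph is being edited, the unchanged context line that follows ("where under specific conditions could be overwritten") has no subject: it does not say what could be overwritten, which matters to readers deciding whether they need the recovery tool.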