Vulnerability in CertAuth module when used with external user management API
When MISP is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
The impact of this vulnerability is very low as the vulnerability highly depends of the external user-management used in conjunction with the X.509 certificate authentication.
MISP versions up to 2.4.79 are vulnerable. This vulnerability is fixed in be111a470204a974c50682054c9c7d4b94396ed9.
git pull on the 2.4 branch will fix the mentioned vulnerability.
CIRCL would like to thank the reporter FIRST.org liaison member - Lewis Philbey.
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
- Version 1.0 - TLP:WHITE - First version (20170912)