CVE-2017-14337 - Vulnerability in MISP (Malware Information Sharing Platform) and Threat Sharing - Vulnerability in CertAuth module when used with external user management API


  1. Vulnerability in CertAuth module when used with external user management API
  2. Impact
  3. Fixes
  4. CVE
  5. Acknowledgement
  6. Classification of this document
  7. Revision


Vulnerability in CertAuth module when used with external user management API

When MISP is configured with X.509 certificate authentication (CertAuth) together with a non-MISP external user-management ReST API, the user presenting a client certificate is resolved through that API. If the API returns an empty value for that certificate, the empty result is not treated as an authentication failure: the user, who has not been matched to any MISP account, can be granted access as an arbitrary user.
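The following PHP snippet is an added illustration of the failure mode described above; it is not MISP's own CertAuth code. It models the flow with a hypothetical external lookup (lookupExternalUser), a hypothetical user lookup (findUser) whose behaviour when given an empty key stands in for an unconditioned "find first" query, and a constructed in-memory user table. The vulnerable variant lets the empty API result flow into the lookup; the hardened variant rejects an empty result before any lookup and re-checks that the returned account matches the identity the API supplied.

```php
<?php
// Illustrative model of the CertAuth + external user-management API flow
// (added example, not MISP code).  lookupExternalUser(), findUser() and
// the USERS table are assumptions made for this demonstration.

declare(strict_types=1);

// Constructed sample user table standing in for the MISP user database.
// The first record is privileged, which is what makes the flaw matter.
const USERS = [
    ['id' => 1, 'email' => 'admin@example.org', 'role' => 'admin'],
    ['id' => 2, 'email' => 'alice@example.org', 'role' => 'user'],
];

/**
 * Stand-in for the non-MISP external user-management ReST API.
 * Returns the MISP e-mail mapped to the certificate subject, or an empty
 * array when the external system has no mapping for that subject.
 */
function lookupExternalUser(string $certSubjectEmail): array
{
    // Constructed mapping: only alice is known to the external system.
    $mapping = ['alice@example.org' => ['email' => 'alice@example.org']];
    return $mapping[$certSubjectEmail] ?? [];
}

/**
 * Models a "find first" lookup in which an empty or missing condition
 * collapses to "no condition", so the first record is returned.
 * Returns null when a non-empty e-mail matches no record.
 */
function findUser(?string $email): ?array
{
    foreach (USERS as $user) {
        if ($email === null || $email === '' || $user['email'] === $email) {
            return $user;
        }
    }
    return null;
}

/** Vulnerable flow: the empty API result is passed straight to the lookup. */
function authenticateVulnerable(string $certSubjectEmail): ?array
{
    $external = lookupExternalUser($certSubjectEmail);
    $email = $external['email'] ?? null;   // null when the API returned nothing
    return findUser($email);               // unconditioned lookup: first user wins
}

/** Hardened flow: an empty API result is an authentication failure. */
function authenticateFixed(string $certSubjectEmail): ?array
{
    $external = lookupExternalUser($certSubjectEmail);
    if (empty($external) || empty($external['email'])) {
        return null;                       // unknown to the external system: deny
    }
    $user = findUser($external['email']);
    // Defence in depth: the account found must be the one the API named.
    if ($user === null || $user['email'] !== $external['email']) {
        return null;
    }
    return $user;
}

// Demonstration with a certificate subject the external API does not know.
$unknownSubject = 'mallory@example.net';
$vuln  = authenticateVulnerable($unknownSubject);
$fixed = authenticateFixed($unknownSubject);
printf("vulnerable: %s\n", $vuln === null ? 'denied' : 'logged in as ' . $vuln['email']);
printf("fixed:      %s\n", $fixed === null ? 'denied' : 'logged in as ' . $fixed['email']);
```

Run it with any PHP 7.1 or later interpreter. The vulnerable path resolves the unknown certificate holder to the first record of the table, the privileged account, while the hardened path denies access. The second check in authenticateFixed is the practitioner's safeguard: even if the external API is later changed to return a non-empty but unexpected shape, an account is only accepted when it matches the identity the API actually supplied.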

Impact

The impact of this vulnerability is very low, as exploitability depends heavily on the external user-management API used in conjunction with the X.509 certificate authentication: only a deployment whose API can return an empty value for an unknown certificate holder is affected.

Fixes

MISP versions up to 2.4.79 are vulnerable. This vulnerability is fixed in commit be111a470204a974c50682054c9c7d4b94396ed9. A git pull on the 2.4 branch applies the fix.

CVE

CVE-2017-14337

Acknowledgement

CIRCL would like to thank the reporter, FIRST.org liaison member Lewis Philbey.

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 - TLP:WHITE - First version (20170912)