CVE-2018-8949

Posted on 2018년 3월 24일2018년 3월 24일 by admin

CVE-2018-8949

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.

Source: CVE-2018-8949

답글 남기기 응답 취소