When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-12T16:00:00

Updated: 2024-08-05T19:20:41.475Z

Reserved: 2017-09-12T00:00:00

Link: CVE-2017-14337

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-09-12T16:29:00.177

Modified: 2024-11-21T03:12:35.750

Link: CVE-2017-14337

cve-icon Redhat

No data.