CVE-2024-45509
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2024-45509 is a vulnerability affecting MISP versions up to 2.4.196. In the BookmarksController.php file, access to bookmarks data is inadequately restricted for users who are not organization administrators. This flaw potentially allows unauthorized users to access sensitive bookmarks data, and the confidentiality impact is rated high. To remediate this issue, organizations should apply the patch referenced in the recent GitHub commit linked in the vulnerability report. The exploitability score is 2.8 and the base score is 6.5 (medium severity): the flaw is exploitable over the network, requires only low privileges, and needs no user interaction. Failure to address this vulnerability may expose organizations to significant data breaches or leaks of sensitive information.