CVE-2024-46918
CVSS 3.1 Score 4.9 of 10 (medium)
Details
Summary
CVE-2024-46918 is a vulnerability in MISP versions prior to 2.4.198 that allows an organization admin to view sensitive login information of other organization admins within the same organization. The flaw arises from a lack of proper access controls in the UserLoginProfilesController.php file and has a high confidentiality impact. For organizations running affected MISP versions, unauthorized access to sensitive login fields may result in data breaches and compromised accounts. To remediate the issue, upgrade MISP to version 2.4.198 or later, where the vulnerability has been patched. The vulnerability is rated medium severity with an exploitability score of 1.2; it is exploitable over the network, requires high privileges, and needs no user interaction.