CVE Vulnerabilities

CVE-2017-16946

Insertion of Sensitive Information into Log File

Published: Nov 25, 2017 | Modified: Apr 20, 2025
CVSS 3.x
4.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name Vendor Start Version End Version
Misp Misp 2.4.82 (including) 2.4.82 (including)

Potential Mitigations

References