Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hed Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MISP 安全漏洞
Vulnerability Description
MISP是一套开源的用于收集、存储、分发和共享网络安全指标和威胁网络安全事件分析和恶意软件分析的软件解决方案。 MISP 2.4.87版本中的app/Controller/ServersController.php文件存在安全漏洞。攻击者可利用该漏洞覆盖Red Hed Enterprise Linux和CentOS系统上的路径变量,注入任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A