漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification
Vulnerability Description
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could craft a modified request containing another user identifier, potentially causing updates to be applied to an unintended user account. Depending on the editable fields and the attacker’s privileges, this could allow unauthorized modification of user account attributes and impact account integrity. The issue was addressed by explicitly removing the User.id field from request data before processing the user edit operation.
CVSS Information
N/A
Vulnerability Type
特权管理不恰当
Vulnerability Title
MISP 安全漏洞
Vulnerability Description
MISP是MISP开源的一套开源的软件解决方案。该产品用于收集、存储、分发、共享网络安全指标,并具有威胁网络安全事件分析和恶意软件分析等功能。 MISP存在安全漏洞,该漏洞源于UsersController::edit()中用户编辑功能对用户提供的字段过滤不足,接受用户控制的User.id值,可能导致经过身份验证的攻击者构造修改请求,将更新应用于非预期的用户账户。
CVSS Information
N/A
Vulnerability Type
N/A