CVE-2024-46918 in MISPinfo

Summary

by MITRE • 09/15/2024

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 06/23/2026

The vulnerability identified as CVE-2024-46918 resides within the MISP (Malware Information Sharing Platform) software ecosystem, specifically in the UserLoginProfilesController component. This issue affects versions prior to 2.4.198 and represents a critical access control flaw that undermines the security boundaries between organizational administrators. The vulnerability manifests when an organization administrator attempts to access login profile information of another organization administrator within the same organization, bypassing the intended authorization controls that should prevent such cross-organizational data exposure.

The technical implementation flaw stems from insufficient input validation and access control mechanisms within the application's controller logic. When processing requests related to user login profiles, the system fails to properly verify whether the requesting administrator possesses the appropriate privileges to access specific user data. This oversight creates a path where organizational boundaries can be circumvented through direct manipulation of API endpoints or web interface interactions. The vulnerability directly relates to CWE-285, which addresses insufficient authorization in software applications, and demonstrates how inadequate privilege checks can lead to unauthorized data access. The flaw operates at the application layer, specifically targeting the authentication and authorization components that govern user access to sensitive information.

The operational impact of this vulnerability extends beyond simple data exposure, as it compromises the fundamental security model of multi-organizational deployments within MISP. Organization administrators who should only have access to their own organizational data can potentially extract sensitive login information, credentials, or authentication-related metadata from their peers within the same organization. This creates significant risk for environments where multiple organizations share the same MISP instance, as it undermines the trust model that separates different organizational entities. Attackers could leverage this vulnerability to gain intelligence about other administrators, potentially facilitating further attacks such as credential harvesting, social engineering, or targeted exploitation of administrator accounts. The risk is particularly elevated in environments where MISP serves as a central hub for threat intelligence sharing across multiple organizations.

Mitigation strategies for CVE-2024-46918 should prioritize immediate patching to version 2.4.198 or later, which includes the necessary access control fixes. Organizations should also implement additional monitoring of administrative access patterns to detect anomalous behavior that might indicate exploitation attempts. The solution aligns with ATT&CK technique T1078 which covers valid accounts and privilege escalation, as this vulnerability essentially allows unauthorized access to privileged accounts through improper access control. Security teams should review and strengthen their access control policies, ensuring that administrative privileges are properly scoped and that role-based access controls are enforced at all levels of the application. Additionally, implementing proper audit logging for administrative actions will help detect and respond to unauthorized access attempts, while regular security assessments should verify that similar access control flaws do not exist in other components of the system.

Responsible

MITRE

Reservation

09/15/2024

Disclosure

09/15/2024

Moderation

accepted

CPE

ready

EPSS

0.00436

KEV

no

Activities

very low

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!