{
  "id": "CVE-2021-31780",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2021-04-23T20:15:08.027",
  "lastModified": "2021-05-05T20:06:49.237",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing group association could lead to information disclosure on an event edit. When an object has a sharing group associated with an event edit, the sharing group object is ignored and instead the passed local ID is reused."
    },
    {
      "lang": "es",
      "value": "En el archivo app/Model/MispObject.php en MISP versi\u00f3n 2.4.141, una asociaci\u00f3n de grupo de intercambio incorrecta podr\u00eda conllevar a la divulgaci\u00f3n de informaci\u00f3n en una edici\u00f3n de evento. Cuando un objeto presenta un grupo para compartir asociado con una edici\u00f3n de evento, el objeto del grupo para compartir se ignora y, en su lugar, es reutilizado la ID local pasado"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:misp:misp:2.4.141:*:*:*:*:*:*:*",
              "matchCriteriaId": "0709C4C6-DB6A-459D-BA1C-23198DC2F894"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/MISP/MISP/commit/a0f08501d2850025892e703f40fb1570c7995478",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    }
  ]
}