VYPR
High severity8.1OSV Advisory· Published Sep 12, 2017· Updated Jun 17, 2026

CVE-2017-14337

CVE-2017-14337

Description

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Misp/MispOSV3 versions
    v0.2, v2.3.0, v2.4.0, …+ 2 more
    • (no CPE)range: v0.2, v2.3.0, v2.4.0, …
    • cpe:2.3:a:misp-project:misp:*:*:*:*:*:*:*:*range: <=2.4.79
    • (no CPE)range: <2.4.80

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.