VYPR
Medium severity4.3OSV Advisory· Published Mar 23, 2018· Updated Jun 17, 2026

CVE-2018-8949

CVE-2018-8949

Description

An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Misp/MispOSV2 versions
    v0.2, v2.3.0, v2.4.0, …+ 1 more
    • (no CPE)range: v0.2, v2.3.0, v2.4.0, …
    • (no CPE)range: <2.4.89

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.