===========================================================================
ZMCIRT Vulnerability Bulletin
ZMC-2021.08.10.1100
MISP: Cross-site scripting - Remote with user interaction
10th August 2021
===========================================================================
Product: MISP
Publisher: MISP Project
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Cross-site Scripting -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2021-37743 CVE-2021-37742
Original Bulletin:
https://www.misp-project.org/2021/08/09/MISP.2.4.148.released.html
https://www.misp-project.org/2021/08/09/MISP.2.4.148.released.html
MISP 2.4.148 released
MISP 2.4.148 released including many bugs fixed along with security fixes. This
release fixes CVE-2021-37742 and CVE-2021-37743.
New feature
o added option to block organisation changes at login on ApacheShibbAuth
o Open data export has been refactored
o Fix Suricata export concerning sticky buffers
o ZMQ now includes misp_json_warninglist topic in the pub-sub channels
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Internet Email: report@cirt.zm
Telephone: 7070
ZMCIRT personnel answer during Zambian business hours
which are 8am to 5pm.
On call after hours for member emergencies only.
===========================================================================
Copyright @2023 ZAMBIA CIRT