CVE-2021-27904

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-27904

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27904.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-27904

Published

2021-03-02T07:15:12.760Z

Modified

2026-05-17T03:54:29.292587408Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the "all org" flag sometimes provided view access to unintended actors.

References

https://github.com/MISP/MISP/commit/ca13fee271ad126832c88896776f3050a6c06e64

CVE-2021-27904

Affected packages