Incorrect validation of temporary filenames
A bug in MISP Malware Information Sharing Platform introduces an unsafe temporary file creation vulnerability.
Fixes
MISP versions below 2.3.92 are vulnerable. This vulnerability is fixed in version 2.3.92.
CVE
CVE-2015-5719
Acknowledgement
CIRCL would like to thank the reporter (Davy Stoffel from Conostix) for his security review.
Classification of this document
TLP:CLEAR information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 - TLP:CLEAR - First version (20150804)