Vulnerability Details CVE-2019-16202
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 67.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/
- https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f
- https://github.com/MISP/MISP/compare/v2.4.114...v2.4.115
- https://excellium-services.com/cert-xlm-advisory/cve-2019-16202/
- https://github.com/MISP/MISP/commit/75acd63c46506ad404764c3a3de7d4ca11d0560f
- https://github.com/MISP/MISP/compare/v2.4.114...v2.4.115
Products affected by CVE-2019-16202
-
cpe:2.3:a:misp-project:misp:-
-
cpe:2.3:a:misp-project:misp:0.1
-
cpe:2.3:a:misp-project:misp:0.2
-
cpe:2.3:a:misp-project:misp:2.1
-
cpe:2.3:a:misp-project:misp:2.1.18
-
cpe:2.3:a:misp-project:misp:2.2.1
-
cpe:2.3:a:misp-project:misp:2.2.2
-
cpe:2.3:a:misp-project:misp:2.3.0
-
cpe:2.3:a:misp-project:misp:2.3.100
-
cpe:2.3:a:misp-project:misp:2.3.101
-
cpe:2.3:a:misp-project:misp:2.3.102
-
cpe:2.3:a:misp-project:misp:2.3.103
-
cpe:2.3:a:misp-project:misp:2.3.104
-
cpe:2.3:a:misp-project:misp:2.3.105
-
cpe:2.3:a:misp-project:misp:2.3.106
-
cpe:2.3:a:misp-project:misp:2.3.107
-
cpe:2.3:a:misp-project:misp:2.3.108
-
cpe:2.3:a:misp-project:misp:2.3.109
-
cpe:2.3:a:misp-project:misp:2.3.110
-
cpe:2.3:a:misp-project:misp:2.3.111
-
cpe:2.3:a:misp-project:misp:2.3.112
-
cpe:2.3:a:misp-project:misp:2.3.113
-
cpe:2.3:a:misp-project:misp:2.3.114
-
cpe:2.3:a:misp-project:misp:2.3.115
-
cpe:2.3:a:misp-project:misp:2.3.116
-
cpe:2.3:a:misp-project:misp:2.3.117
-
cpe:2.3:a:misp-project:misp:2.3.118
-
cpe:2.3:a:misp-project:misp:2.3.120
-
cpe:2.3:a:misp-project:misp:2.3.121
-
cpe:2.3:a:misp-project:misp:2.3.122
-
cpe:2.3:a:misp-project:misp:2.3.123
-
cpe:2.3:a:misp-project:misp:2.3.124
-
cpe:2.3:a:misp-project:misp:2.3.125
-
cpe:2.3:a:misp-project:misp:2.3.126
-
cpe:2.3:a:misp-project:misp:2.3.127
-
cpe:2.3:a:misp-project:misp:2.3.128
-
cpe:2.3:a:misp-project:misp:2.3.129
-
cpe:2.3:a:misp-project:misp:2.3.130
-
cpe:2.3:a:misp-project:misp:2.3.131
-
cpe:2.3:a:misp-project:misp:2.3.132
-
cpe:2.3:a:misp-project:misp:2.3.133
-
cpe:2.3:a:misp-project:misp:2.3.134
-
cpe:2.3:a:misp-project:misp:2.3.135
-
cpe:2.3:a:misp-project:misp:2.3.136
-
cpe:2.3:a:misp-project:misp:2.3.137
-
cpe:2.3:a:misp-project:misp:2.3.138
-
cpe:2.3:a:misp-project:misp:2.3.139
-
cpe:2.3:a:misp-project:misp:2.3.14
-
cpe:2.3:a:misp-project:misp:2.3.140
-
cpe:2.3:a:misp-project:misp:2.3.141
-
cpe:2.3:a:misp-project:misp:2.3.142
-
cpe:2.3:a:misp-project:misp:2.3.143
-
cpe:2.3:a:misp-project:misp:2.3.144
-
cpe:2.3:a:misp-project:misp:2.3.145
-
cpe:2.3:a:misp-project:misp:2.3.146
-
cpe:2.3:a:misp-project:misp:2.3.147
-
cpe:2.3:a:misp-project:misp:2.3.148
-
cpe:2.3:a:misp-project:misp:2.3.149
-
cpe:2.3:a:misp-project:misp:2.3.15
-
cpe:2.3:a:misp-project:misp:2.3.150
-
cpe:2.3:a:misp-project:misp:2.3.151
-
cpe:2.3:a:misp-project:misp:2.3.152
-
cpe:2.3:a:misp-project:misp:2.3.153
-
cpe:2.3:a:misp-project:misp:2.3.154
-
cpe:2.3:a:misp-project:misp:2.3.155
-
cpe:2.3:a:misp-project:misp:2.3.156
-
cpe:2.3:a:misp-project:misp:2.3.157
-
cpe:2.3:a:misp-project:misp:2.3.158
-
cpe:2.3:a:misp-project:misp:2.3.159
-
cpe:2.3:a:misp-project:misp:2.3.16
-
cpe:2.3:a:misp-project:misp:2.3.160
-
cpe:2.3:a:misp-project:misp:2.3.161
-
cpe:2.3:a:misp-project:misp:2.3.162
-
cpe:2.3:a:misp-project:misp:2.3.163
-
cpe:2.3:a:misp-project:misp:2.3.164
-
cpe:2.3:a:misp-project:misp:2.3.165
-
cpe:2.3:a:misp-project:misp:2.3.166
-
cpe:2.3:a:misp-project:misp:2.3.167
-
cpe:2.3:a:misp-project:misp:2.3.168
-
cpe:2.3:a:misp-project:misp:2.3.169
-
cpe:2.3:a:misp-project:misp:2.3.17
-
cpe:2.3:a:misp-project:misp:2.3.170
-
cpe:2.3:a:misp-project:misp:2.3.171
-
cpe:2.3:a:misp-project:misp:2.3.172
-
cpe:2.3:a:misp-project:misp:2.3.173
-
cpe:2.3:a:misp-project:misp:2.3.174
-
cpe:2.3:a:misp-project:misp:2.3.175
-
cpe:2.3:a:misp-project:misp:2.3.176
-
cpe:2.3:a:misp-project:misp:2.3.177
-
cpe:2.3:a:misp-project:misp:2.3.178
-
cpe:2.3:a:misp-project:misp:2.3.18
-
cpe:2.3:a:misp-project:misp:2.3.19
-
cpe:2.3:a:misp-project:misp:2.3.20
-
cpe:2.3:a:misp-project:misp:2.3.21
-
cpe:2.3:a:misp-project:misp:2.3.22
-
cpe:2.3:a:misp-project:misp:2.3.23
-
cpe:2.3:a:misp-project:misp:2.3.24
-
cpe:2.3:a:misp-project:misp:2.3.25
-
cpe:2.3:a:misp-project:misp:2.3.26
-
cpe:2.3:a:misp-project:misp:2.3.27
-
cpe:2.3:a:misp-project:misp:2.3.28
-
cpe:2.3:a:misp-project:misp:2.3.29
-
cpe:2.3:a:misp-project:misp:2.3.30
-
cpe:2.3:a:misp-project:misp:2.3.31
-
cpe:2.3:a:misp-project:misp:2.3.32
-
cpe:2.3:a:misp-project:misp:2.3.33
-
cpe:2.3:a:misp-project:misp:2.3.34
-
cpe:2.3:a:misp-project:misp:2.3.35
-
cpe:2.3:a:misp-project:misp:2.3.36
-
cpe:2.3:a:misp-project:misp:2.3.37
-
cpe:2.3:a:misp-project:misp:2.3.38
-
cpe:2.3:a:misp-project:misp:2.3.39
-
cpe:2.3:a:misp-project:misp:2.3.40
-
cpe:2.3:a:misp-project:misp:2.3.41
-
cpe:2.3:a:misp-project:misp:2.3.42
-
cpe:2.3:a:misp-project:misp:2.3.43
-
cpe:2.3:a:misp-project:misp:2.3.44
-
cpe:2.3:a:misp-project:misp:2.3.45
-
cpe:2.3:a:misp-project:misp:2.3.46
-
cpe:2.3:a:misp-project:misp:2.3.47
-
cpe:2.3:a:misp-project:misp:2.3.48
-
cpe:2.3:a:misp-project:misp:2.3.49
-
cpe:2.3:a:misp-project:misp:2.3.50
-
cpe:2.3:a:misp-project:misp:2.3.51
-
cpe:2.3:a:misp-project:misp:2.3.52
-
cpe:2.3:a:misp-project:misp:2.3.53
-
cpe:2.3:a:misp-project:misp:2.3.54
-
cpe:2.3:a:misp-project:misp:2.3.55
-
cpe:2.3:a:misp-project:misp:2.3.56
-
cpe:2.3:a:misp-project:misp:2.3.57
-
cpe:2.3:a:misp-project:misp:2.3.58
-
cpe:2.3:a:misp-project:misp:2.3.59
-
cpe:2.3:a:misp-project:misp:2.3.60
-
cpe:2.3:a:misp-project:misp:2.3.61
-
cpe:2.3:a:misp-project:misp:2.3.62
-
cpe:2.3:a:misp-project:misp:2.3.63
-
cpe:2.3:a:misp-project:misp:2.3.64
-
cpe:2.3:a:misp-project:misp:2.3.65
-
cpe:2.3:a:misp-project:misp:2.3.66
-
cpe:2.3:a:misp-project:misp:2.3.67
-
cpe:2.3:a:misp-project:misp:2.3.68
-
cpe:2.3:a:misp-project:misp:2.3.69
-
cpe:2.3:a:misp-project:misp:2.3.70
-
cpe:2.3:a:misp-project:misp:2.3.71
-
cpe:2.3:a:misp-project:misp:2.3.72
-
cpe:2.3:a:misp-project:misp:2.3.73
-
cpe:2.3:a:misp-project:misp:2.3.74
-
cpe:2.3:a:misp-project:misp:2.3.75
-
cpe:2.3:a:misp-project:misp:2.3.76
-
cpe:2.3:a:misp-project:misp:2.3.77
-
cpe:2.3:a:misp-project:misp:2.3.78
-
cpe:2.3:a:misp-project:misp:2.3.79
-
cpe:2.3:a:misp-project:misp:2.3.80
-
cpe:2.3:a:misp-project:misp:2.3.81
-
cpe:2.3:a:misp-project:misp:2.3.82
-
cpe:2.3:a:misp-project:misp:2.3.83
-
cpe:2.3:a:misp-project:misp:2.3.84
-
cpe:2.3:a:misp-project:misp:2.3.85
-
cpe:2.3:a:misp-project:misp:2.3.87
-
cpe:2.3:a:misp-project:misp:2.3.88
-
cpe:2.3:a:misp-project:misp:2.3.89
-
cpe:2.3:a:misp-project:misp:2.3.90
-
cpe:2.3:a:misp-project:misp:2.3.91
-
cpe:2.3:a:misp-project:misp:2.3.92
-
cpe:2.3:a:misp-project:misp:2.3.93
-
cpe:2.3:a:misp-project:misp:2.3.94
-
cpe:2.3:a:misp-project:misp:2.3.95
-
cpe:2.3:a:misp-project:misp:2.3.96
-
cpe:2.3:a:misp-project:misp:2.3.97
-
cpe:2.3:a:misp-project:misp:2.3.98
-
cpe:2.3:a:misp-project:misp:2.3.99
-
cpe:2.3:a:misp-project:misp:2.4.0
-
cpe:2.3:a:misp-project:misp:2.4.1
-
cpe:2.3:a:misp-project:misp:2.4.10
-
cpe:2.3:a:misp-project:misp:2.4.100
-
cpe:2.3:a:misp-project:misp:2.4.101
-
cpe:2.3:a:misp-project:misp:2.4.102
-
cpe:2.3:a:misp-project:misp:2.4.103
-
cpe:2.3:a:misp-project:misp:2.4.104
-
cpe:2.3:a:misp-project:misp:2.4.105
-
cpe:2.3:a:misp-project:misp:2.4.106
-
cpe:2.3:a:misp-project:misp:2.4.107
-
cpe:2.3:a:misp-project:misp:2.4.108
-
cpe:2.3:a:misp-project:misp:2.4.109
-
cpe:2.3:a:misp-project:misp:2.4.11
-
cpe:2.3:a:misp-project:misp:2.4.110
-
cpe:2.3:a:misp-project:misp:2.4.111
-
cpe:2.3:a:misp-project:misp:2.4.112
-
cpe:2.3:a:misp-project:misp:2.4.113
-
cpe:2.3:a:misp-project:misp:2.4.114
-
cpe:2.3:a:misp-project:misp:2.4.12
-
cpe:2.3:a:misp-project:misp:2.4.13
-
cpe:2.3:a:misp-project:misp:2.4.14
-
cpe:2.3:a:misp-project:misp:2.4.15
-
cpe:2.3:a:misp-project:misp:2.4.16
-
cpe:2.3:a:misp-project:misp:2.4.17
-
cpe:2.3:a:misp-project:misp:2.4.18
-
cpe:2.3:a:misp-project:misp:2.4.2
-
cpe:2.3:a:misp-project:misp:2.4.20
-
cpe:2.3:a:misp-project:misp:2.4.21
-
cpe:2.3:a:misp-project:misp:2.4.22
-
cpe:2.3:a:misp-project:misp:2.4.23
-
cpe:2.3:a:misp-project:misp:2.4.24
-
cpe:2.3:a:misp-project:misp:2.4.25
-
cpe:2.3:a:misp-project:misp:2.4.26
-
cpe:2.3:a:misp-project:misp:2.4.27
-
cpe:2.3:a:misp-project:misp:2.4.28
-
cpe:2.3:a:misp-project:misp:2.4.29
-
cpe:2.3:a:misp-project:misp:2.4.3
-
cpe:2.3:a:misp-project:misp:2.4.30
-
cpe:2.3:a:misp-project:misp:2.4.31
-
cpe:2.3:a:misp-project:misp:2.4.32
-
cpe:2.3:a:misp-project:misp:2.4.33
-
cpe:2.3:a:misp-project:misp:2.4.34
-
cpe:2.3:a:misp-project:misp:2.4.35
-
cpe:2.3:a:misp-project:misp:2.4.36
-
cpe:2.3:a:misp-project:misp:2.4.37
-
cpe:2.3:a:misp-project:misp:2.4.38
-
cpe:2.3:a:misp-project:misp:2.4.39
-
cpe:2.3:a:misp-project:misp:2.4.4
-
cpe:2.3:a:misp-project:misp:2.4.40
-
cpe:2.3:a:misp-project:misp:2.4.41
-
cpe:2.3:a:misp-project:misp:2.4.42
-
cpe:2.3:a:misp-project:misp:2.4.43
-
cpe:2.3:a:misp-project:misp:2.4.44
-
cpe:2.3:a:misp-project:misp:2.4.45
-
cpe:2.3:a:misp-project:misp:2.4.46
-
cpe:2.3:a:misp-project:misp:2.4.47
-
cpe:2.3:a:misp-project:misp:2.4.48
-
cpe:2.3:a:misp-project:misp:2.4.49
-
cpe:2.3:a:misp-project:misp:2.4.5
-
cpe:2.3:a:misp-project:misp:2.4.50
-
cpe:2.3:a:misp-project:misp:2.4.51
-
cpe:2.3:a:misp-project:misp:2.4.52
-
cpe:2.3:a:misp-project:misp:2.4.53
-
cpe:2.3:a:misp-project:misp:2.4.54
-
cpe:2.3:a:misp-project:misp:2.4.55
-
cpe:2.3:a:misp-project:misp:2.4.56
-
cpe:2.3:a:misp-project:misp:2.4.57
-
cpe:2.3:a:misp-project:misp:2.4.58
-
cpe:2.3:a:misp-project:misp:2.4.59
-
cpe:2.3:a:misp-project:misp:2.4.6
-
cpe:2.3:a:misp-project:misp:2.4.60
-
cpe:2.3:a:misp-project:misp:2.4.61
-
cpe:2.3:a:misp-project:misp:2.4.62
-
cpe:2.3:a:misp-project:misp:2.4.63
-
cpe:2.3:a:misp-project:misp:2.4.64
-
cpe:2.3:a:misp-project:misp:2.4.65
-
cpe:2.3:a:misp-project:misp:2.4.66
-
cpe:2.3:a:misp-project:misp:2.4.67
-
cpe:2.3:a:misp-project:misp:2.4.68
-
cpe:2.3:a:misp-project:misp:2.4.69
-
cpe:2.3:a:misp-project:misp:2.4.7
-
cpe:2.3:a:misp-project:misp:2.4.70
-
cpe:2.3:a:misp-project:misp:2.4.71
-
cpe:2.3:a:misp-project:misp:2.4.72
-
cpe:2.3:a:misp-project:misp:2.4.73
-
cpe:2.3:a:misp-project:misp:2.4.74
-
cpe:2.3:a:misp-project:misp:2.4.75
-
cpe:2.3:a:misp-project:misp:2.4.76
-
cpe:2.3:a:misp-project:misp:2.4.77
-
cpe:2.3:a:misp-project:misp:2.4.78
-
cpe:2.3:a:misp-project:misp:2.4.79
-
cpe:2.3:a:misp-project:misp:2.4.80
-
cpe:2.3:a:misp-project:misp:2.4.81
-
cpe:2.3:a:misp-project:misp:2.4.82
-
cpe:2.3:a:misp-project:misp:2.4.83
-
cpe:2.3:a:misp-project:misp:2.4.84
-
cpe:2.3:a:misp-project:misp:2.4.85
-
cpe:2.3:a:misp-project:misp:2.4.86
-
cpe:2.3:a:misp-project:misp:2.4.87
-
cpe:2.3:a:misp-project:misp:2.4.88
-
cpe:2.3:a:misp-project:misp:2.4.89
-
cpe:2.3:a:misp-project:misp:2.4.9
-
cpe:2.3:a:misp-project:misp:2.4.90
-
cpe:2.3:a:misp-project:misp:2.4.91
-
cpe:2.3:a:misp-project:misp:2.4.92
-
cpe:2.3:a:misp-project:misp:2.4.93
-
cpe:2.3:a:misp-project:misp:2.4.94
-
cpe:2.3:a:misp-project:misp:2.4.95
-
cpe:2.3:a:misp-project:misp:2.4.96
-
cpe:2.3:a:misp-project:misp:2.4.97
-
cpe:2.3:a:misp-project:misp:2.4.98
-
cpe:2.3:a:misp-project:misp:2.4.99