CVE-2015-5719 - Vulnerability in MISP (Malware Information Sharing Platform) - Incorrect validation of temporary filenames

CVE-2015-5719 - Vulnerability in MISP (Malware Information Sharing Platform) - Incorrect validation of temporary filenames

  1. Incorrect validation of temporary filenames
  2. Fixes
  3. CVE
  4. Acknowledgement
  5. Classification of this document
  6. Revision

You can report incidents via our official contact including e-mail, phone or use the Anonymous reporting form.

Search


CIRCL is accredited TI CIRCL is a FIRST member CIRCL is an OASIS member

Incorrect validation of temporary filenames

A bug in MISP Malware Information Sharing Platform introduces an unsafe temporary file creation vulnerability.

Fixes

MISP versions below 2.3.92 are vulnerable. This vulnerability is fixed in version 2.3.92.

CVE

CVE-2015-5719

Acknowledgement

CIRCL would like to thank the reporter (Davy Stoffel from Conostix) for his security review.

Classification of this document

TLP:WHITE information may be distributed without restriction, subject to copyright controls.

Revision

  • Version 1.0 - TLP:WHITE - First version (20150804)