cvedb.io
CVE-2017-14337
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2017-09-12T16:29:00.177 · Last modified 2026-06-17T01:05:58.790

Summary

When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.

Affected products

misp-project — misp

Does this affect you?

Add your gear to cvedb and we'll alert you only when misp-project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.