CVE-2024-58130
Published: 28 March 2025
Description
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
Security Summary
CVE-2024-58130 is a vulnerability in MISP (Malware Information Sharing Platform) versions prior to 2.4.193, located in the app/Controller/Component/RestResponseComponent.php file. It arises from a lack of sanitization for non-JSON responses in REST endpoints, mapped to CWE-79 (Cross-Site Scripting). The issue carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N), indicating high severity due to its network accessibility, low attack complexity, and lack of prerequisites.
The vulnerability can be exploited by unauthenticated remote attackers with no user interaction required. By sending crafted requests to affected REST endpoints that produce non-JSON responses, attackers can inject malicious content due to insufficient sanitization. This enables cross-site scripting, resulting in limited impacts to confidentiality and integrity across the changed scope, such as potential session hijacking or data manipulation for users interacting with the MISP instance.
Mitigation is addressed in the MISP v2.4.193 release, available at https://github.com/MISP/MISP/releases/tag/v2.4.193, which incorporates the fixing commit at https://github.com/MISP/MISP/commit/f08a2eaec25f0212c22b225c0b654bd60d089ef9. Security practitioners should upgrade to version 2.4.193 or later to remediate the issue.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XSS in public-facing REST endpoints of MISP enables remote exploitation of the application (T1190) and facilitates browser session hijacking via injected scripts (T1185), as explicitly noted in the description.