{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/products/misp-modules-website/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":["misp-modules (\u003c= 3.0.7)","misp-modules website"],"_cs_severities":["critical"],"_cs_tags":["csrf","vulnerability","web-application"],"_cs_type":"threat","_cs_vendors":["MISP"],"content_html":"\u003cp\u003eA Cross-Site Request Forgery (CSRF) vulnerability was discovered in the MISP Modules website affecting versions 3.0.7 and earlier. The vulnerability stems from the home blueprint lacking CSRF protection, which allows an attacker to craft malicious requests that are then executed by an authenticated user without their knowledge or consent. By exploiting this flaw, attackers can potentially modify session query data, leading to unauthorized actions or information disclosure within the context of the compromised user. This vulnerability was reported by Bilal Teke and has been addressed by enabling CSRF protection for the affected blueprint and hardening query parsing.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious HTML page containing a forged request targeting the MISP Modules website\u0026rsquo;s home endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious HTML page through phishing, social engineering, or other means to a targeted, authenticated user of the MISP Modules website.\u003c/li\u003e\n\u003cli\u003eThe victim visits the attacker-controlled webpage while authenticated to the MISP Modules website.\u003c/li\u003e\n\u003cli\u003eThe victim\u0026rsquo;s browser automatically sends the forged request to the MISP Modules website\u0026rsquo;s home endpoint due to the missing CSRF protection.\u003c/li\u003e\n\u003cli\u003eThe MISP Modules website processes the forged request as if it were a legitimate action initiated by the authenticated user.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the forged request to modify session query data associated with the victim\u0026rsquo;s session.\u003c/li\u003e\n\u003cli\u003eThe modification of session query data leads to unintended behavior or access within the MISP Modules website, potentially allowing the attacker to gain unauthorized access or control.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this CSRF vulnerability (CVE-2026-44364) could allow an attacker to modify session query data of authenticated users on the MISP Modules website. This could potentially lead to unauthorized access to sensitive information, modification of user settings, or execution of actions on behalf of the user. While the exact number of affected users is unknown, the critical severity suggests a high potential for widespread impact if the vulnerability were to be exploited in the wild.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of \u003ccode\u003emisp-modules\u003c/code\u003e greater than 3.0.7 to remediate CVE-2026-44364.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious MISP Session Query Modification\u0026rdquo; to identify potential exploitation attempts targeting the home endpoint by monitoring webserver logs.\u003c/li\u003e\n\u003cli\u003eEnable CSRF protection on all web application endpoints, following secure development practices.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-25T12:00:00Z","date_published":"2024-01-25T12:00:00Z","id":"/briefs/2024-01-misp-csrf/","summary":"A critical Cross-Site Request Forgery (CSRF) vulnerability in the MISP Modules website allows an attacker to induce an authenticated user to submit unintended requests to the home endpoint, potentially modifying session query data.","title":"MISP Modules Website CSRF Vulnerability","url":"https://feed.craftedsignal.io/briefs/2024-01-misp-csrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Misp-Modules Website","version":"https://jsonfeed.org/version/1.1"}