A new version of MISP (2.4.99) has been released with improvements in the UI, API and STIX import, and a fix for a critical security vulnerability.
Thanks to Francois-Xavier Stellamans from NCI Agency Cyber Security, who reported a critical vulnerability in the STIX 1 import code. The vulnerability, tracked as CVE-2018-19908, allows a malicious authenticated user to inject commands via an incorrectly escaped variable name (the original name of the STIX file). We strongly urge users to update their MISP instance to the latest version. We also replaced the mechanism for storing the original uploaded files on ingestion with a standardised function that processes the files without passing them to external tools. This reusable system will avoid similar issues in the future if new similar mechanisms are introduced.
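The storage pattern described above, sketched in Python as an added example (this is not MISP's code): the upload is written with file APIs under a server-generated name, and the client-supplied name is kept only as metadata. The function names, the `.upload`/`.json` layout, the sample filename and the stand-in "tool" are assumptions made for illustration.

```python
import json
import secrets
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed sample: an upload whose client-supplied name carries shell metacharacters.
SAMPLE_NAME = "report; echo INJECTED.xml"
SAMPLE_BODY = b"<stix:STIX_Package/>"


def store_upload(body: bytes, original_name: str, dest_dir: Path) -> Path:
    """Save an upload with file APIs only; the client name never becomes a path or command."""
    stored = dest_dir / f"{secrets.token_hex(16)}.upload"  # server-chosen name
    # Mode "xb" fails if the file already exists, so nothing is overwritten.
    with open(stored, "xb") as fh:
        fh.write(body)
    # The original name is kept as inert metadata, JSON-encoded next to the file.
    meta = {"original_name": original_name, "size": len(body)}
    stored.with_suffix(".json").write_text(json.dumps(meta), encoding="utf-8")
    return stored


def run_converter(stored: Path) -> str:
    """If an external tool is needed later, pass an argv list and no shell.

    The "tool" is a stand-in: the Python interpreter echoing its argument.
    """
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", str(stored)],
        capture_output=True, text=True, check=True, shell=False,
    )
    return result.stdout.strip()


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        stored = store_upload(SAMPLE_BODY, SAMPLE_NAME, Path(tmp))
        meta = json.loads(stored.with_suffix(".json").read_text(encoding="utf-8"))
        return {
            "stored_name": stored.name,
            "original_name": meta["original_name"],
            "body_ok": stored.read_bytes() == SAMPLE_BODY,
            "tool_saw": run_converter(stored) == str(stored),
        }


if __name__ == "__main__":
    print(demo())
```
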
This release includes the following changes:
We would like to thank all the contributors, reporters and users who helped us in the past days to improve MISP.
MISP galaxy, objects and taxonomies were extended by many contributors. These are also included by default in MISP. Don’t forget to do a git submodule update and update galaxies, objects and taxonomies via the UI.
A detailed and complete changelog is available with all the fixes, changes and improvements.
Don’t hesitate to have a look at our events page to see our next activities to improve threat intelligence, analytics and automation.