Mitigation Strategies

To mitigate this vulnerability, apply the patch that modifies the NewOrgsWidget.php and NewUsersWidget.php files to properly handle field selection and restrict email disclosure for non-site administrators.

Ensure that the configuration 'Security.disclose_user_emails' is set appropriately to prevent unauthorized disclosure of user email addresses.

The patch improves the logic for handling field options to prevent unauthorized data exposure by only including authorized fields and redacting sensitive information by default.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability could lead to unauthorized disclosure of restricted user or organisation metadata, including user e-mail addresses, to authenticated low-privileged users. Such unintended data exposure may conflict with compliance requirements under regulations like GDPR and HIPAA, which mandate strict controls on personal and sensitive information disclosure.

Specifically, the exposure of user e-mail addresses despite configuration settings to disable such disclosure could violate privacy and data protection principles, potentially resulting in non-compliance with these standards.

The patch addresses this by ensuring that restricted fields such as user e-mail addresses are removed before processing user-supplied field selections, and that only authorized fields are included in responses, thereby helping to maintain compliance.

Useful 0 Not Useful 0

Executive Summary

This vulnerability exists in the MISP dashboard widgets, where an authenticated user can manipulate the fields option to influence which data fields are returned by the New Users and New Organisations widgets.

Because of improper handling of field filtering and redaction, a user could request a set of fields that after validation became empty, causing the system to fall back to returning unintended model fields.

Specifically, this could allow a non-site-admin user to obtain sensitive information such as user e-mail addresses even when email disclosure was disabled, or unintended organisation fields in the dashboard response.

Useful 0 Not Useful 0

Impact Analysis

An authenticated user with low privileges who has access to the affected dashboard widgets may be able to disclose restricted user or organisation metadata.

This includes potentially sensitive information such as user e-mail addresses, which could be exposed depending on the system's configuration.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves manipulation of the fields option in MISP dashboard widgets by an authenticated user to access restricted user or organisation data. Detection would involve monitoring for unusual or unauthorized queries to the New Users and New Organisations widgets that request unexpected or sensitive fields, such as user email addresses.

Since the issue is related to authenticated users manipulating widget field selections, detection can focus on analyzing application logs for suspicious API calls or dashboard widget requests that include crafted field parameters.

Specific commands are not provided in the available resources, but general approaches include:

• Reviewing MISP application logs for requests to NewUsersWidget.php and NewOrgsWidget.php with unusual or empty field parameters.
• Using web server access logs or application logs to identify authenticated user requests that include manipulated field options in dashboard widget queries.
• Implementing monitoring or alerting on API endpoints or dashboard widget accesses that deviate from normal usage patterns.

For example, you might use commands like grep or similar log analysis tools to search for suspicious field parameter usage in logs, such as:

• grep 'NewUsersWidget.php' /var/log/misp/application.log | grep 'fields='
• grep 'NewOrgsWidget.php' /var/log/misp/application.log | grep 'fields='

However, no explicit detection commands or scripts are provided in the resources.

Useful 0 Not Useful 0