A high-severity path traversal vulnerability in MISP allows an administrator to manipulate filesystem logs, creating a risk of unauthorized file system writes.

This vulnerability allows an authenticated site administrator to specify an arbitrary path for the NDJSON error log used by the JsonLogTool. By controlling the log path, an attacker with administrative privileges could potentially overwrite critical system files.

The CVSS score of 8.7 reflects the high potential for system-wide impact. While this requires administrative authentication, the ability to write to arbitrary filesystem paths can be leveraged to escalate privileges, achieve persistence, or cause significant service disruption, directly threatening the integrity of the threat intelligence sharing platform.

Immediate Action: Update the MISP instance to the latest version that enforces strict path validation for the JsonLogTool configuration.

Proactive Monitoring: Review audit logs for unusual configuration changes related to system paths or log file locations.

Compensating Controls: Ensure that the web server user running the MISP service has the principle of least privilege applied, specifically restricting write access to sensitive directories outside of the designated log folder.

Public Exploit Available: false

Administrators should prioritize patching this vulnerability to prevent potential administrative abuse. Ensure that administrative access to the MISP platform is strictly controlled and monitored to mitigate the risk of this and similar configuration-based vulnerabilities.