MISP
cpe:2.3:a:misp:misp:*:*:*:*:*:*:*
A vulnerability exists in the ShadowAttribute proposal creation process within MISP. The issue arises because the add action accepts user-controlled ShadowAttribute request data without removing the id field before saving the record. This oversight allows an authenticated user to update an existing ShadowAttribute record instead of creating a new proposal. Such unauthorized modifications could impact associated event proposals that the user should not be able to change. Additionally, depending on the deployment configuration and available API responses, this vulnerability might expose or transfer proposal data across different event contexts.
Exploitation of this vulnerability could lead to unauthorized changes in ShadowAttribute records, allowing users to modify event proposals they should not have access to.
Users can update to MISP version 2.5.38, where this vulnerability has been fixed.
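The update-instead-of-create behaviour described above, shown as an added illustration in Python. It is a simplified model, not MISP's code and not the actual patch. `ProposalStore`, `add_vulnerable`, `add_fixed` and all sample values are hypothetical and constructed, and the store assumes a save operation that updates a row whenever the data carries an existing primary key.

```python
# Simplified model of the flaw; hypothetical names, constructed data.

class ProposalStore:
    """Toy table whose save() updates when the data carries an existing id
    (assumed ORM behaviour: primary key present means UPDATE)."""

    def __init__(self):
        self.rows = {}
        self.next_id = 1

    def save(self, data):
        row_id = data.get("id")
        if row_id in self.rows:              # known primary key: UPDATE
            self.rows[row_id].update(data)
            return row_id
        row_id = self.next_id                # otherwise: INSERT a new row
        self.next_id += 1
        self.rows[row_id] = {**data, "id": row_id}
        return row_id


def add_vulnerable(store, event_id, org, request_data):
    # Request data is saved as received, so a supplied id selects an
    # existing proposal and the server-side fields overwrite it.
    data = {**request_data, "event_id": event_id, "org": org}
    return store.save(data)


def add_fixed(store, event_id, org, request_data):
    # The id is removed before saving, so add can only ever create.
    data = {k: v for k, v in request_data.items() if k != "id"}
    data.update({"event_id": event_id, "org": org})
    return store.save(data)


def demo():
    """Run the same two requests through both handlers and summarise."""
    results = {}
    for name, add in (("vulnerable", add_vulnerable), ("fixed", add_fixed)):
        store = ProposalStore()
        first = add(store, 10, "org-a", {"type": "ip-dst", "value": "192.0.2.1"})
        # Constructed second request from another org that includes an id.
        second = add(store, 20, "org-b",
                     {"id": first, "type": "ip-dst", "value": "198.51.100.7"})
        row = store.rows[first]
        results[name] = (second, len(store.rows), row["org"], row["event_id"])
    return results


if __name__ == "__main__":
    for name, summary in demo().items():
        print(name, summary)
```

In the vulnerable run the table still holds one row, now attributed to the second organisation and event; in the fixed run the first proposal is untouched and a second row exists.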