MISP 2.4.173 released with various bugfixes and improvements

July 11, 2023

We are pleased to announce the immediate availability of MISP v2.4.173 with a new password reset feature, along with a host of quality of life improvements and fixes.

Password reset self-service

We have added a new functionality allowing administrators to enable user self-service for forgotten passwords. When enabled, users will have an additional link below the login screen, allowing them to enter their e-mails and receive a token that can be used to reset their passwords.

The feature requires the user to have a valid encryption key and the lifetime of the tokens is hard-coded to be 10 minutes.

image

New dashboard widgets

The dashboard has seen another round of improvements, with various fixes and new widgets added. 2.4.173 includes the following new widgets:

  • Logarithmic events/org chart (Thanks @vincenzocaputo)
  • ATT&CK heatmap widget

Additionally, you can now download the raw data used to feed each widget.

image

Security fixes

2 vulnerabilities have also been resolved:

Stored XSS via select page titles

Improper sanitisation of user-controlled data ending up in view titles lead to stored XSS

Huge thanks to Ulaş Deniz İlhan from Zigrin Security (absolute heroes at discovering vulnerabilities in MISP!)

CVE-2023-37307

RCE via uploaded certificates

Malicious administrators could trigger RCE by uploading a well crafted file as an SSL certificate for the sync connection.

CVE-2023-37306

Additional information on the vulnerability can be found at the excellent blog post from synacktiv

Huge thanks to @righel for finding and fixing the vulnerability!

A long list of fixes

As always, we have been diligent with including a long list of fixes, including for issues with server sync certificate handling, url encoding of spaces in search strings, CSRF errors and much more! For a detailed list of fixes, please refer to the changelog.

MISP Objects and Relationships

For more details, the misp-object changelog is available.

MISP Galaxy

  • Updated threat actor database to include Budapest Convention relation.

For more details, the misp-galaxy changelog is available.

MISP warning-lists

  • New warning list digitalSide.IT warninglist added.
  • Updated warning-lists for all sources.

For more details, the misp-warninglists changelog is available.

MISP taxonomies

For more details, the misp-taxonomies changelog is available.

Don’t forget to follow us on Mastodon

The MISP projet has its own Mastodon server misp-community.org - don’t forget to follow @misp@misp-community.org on the fediverse. Core contributors of MISP can sign-up if they wish to have an account.

MISP Professional Services

MISP Professional Services (MPS) is a program handled by the lead developers of MISP Project, in order to offer highly skilled services around MISP and to support the sustainability of the MISP project. This initiative is meant to address the policy requirements of companies/organisations requiring commercial support contracts. Don’t hesitate to get in touch with us if you need specific services.