CVE-2024-29858 is a critical security vulnerability identified in the Malware Information Sharing Platform (MISP) prior to version 2.4.187. The issue resides in the __uploadLogo function within the app/Controller/OrganisationsController.php file, where the application fails to properly validate uploaded logo files. This improper validation can allow an attacker to upload arbitrary files, potentially including malicious scripts or executables, without any authentication or user interaction. The vulnerability is classified under CWE-616, which relates to improper validation of uploaded files. Given the CVSS 3.1 base score of 9.8, the vulnerability has a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). This means an attacker can remotely exploit the vulnerability to execute arbitrary code, manipulate or exfiltrate sensitive data, and disrupt system operations. MISP is widely used by cybersecurity teams, government agencies, and private sector organizations for sharing threat intelligence, making this vulnerability particularly impactful. Although no public exploits are currently known, the critical nature of the flaw demands immediate attention. The lack of patch links suggests that users must monitor official MISP channels for updates or apply interim mitigations. The vulnerability’s exploitation could lead to full system compromise, data breaches, and disruption of threat intelligence sharing activities.

The impact of CVE-2024-29858 is severe for organizations worldwide that rely on MISP for threat intelligence sharing and coordination. Successful exploitation allows unauthenticated remote attackers to upload malicious files, potentially leading to remote code execution, data theft, and service disruption. This compromises the confidentiality, integrity, and availability of the affected systems. Organizations could face operational downtime, loss of sensitive threat intelligence data, and reputational damage. Given MISP’s role in cybersecurity collaboration, exploitation could also indirectly affect broader security postures by disrupting information sharing among trusted partners. The vulnerability’s ease of exploitation and high impact increase the risk of targeted attacks by cybercriminals or nation-state actors. Entities in critical infrastructure, government, defense, and cybersecurity sectors are particularly vulnerable due to their reliance on MISP and the sensitivity of the data involved. The absence of known exploits in the wild currently provides a limited window for proactive defense, but the critical CVSS score indicates that exploitation attempts are likely to emerge rapidly.

To mitigate CVE-2024-29858, organizations should immediately upgrade MISP to version 2.4.187 or later once available, as this version addresses the improper file upload validation. Until patches are applied, administrators should implement strict file upload controls, such as restricting allowed file types to safe image formats (e.g., PNG, JPEG) and enforcing server-side validation of file content and metadata. Employing web application firewalls (WAFs) with rules to detect and block suspicious file uploads can provide additional protection. Monitoring logs for unusual upload activity and scanning uploaded files for malware are recommended. Limiting network exposure of MISP instances to trusted networks and enforcing strong access controls can reduce attack surface. Regularly reviewing and updating security policies related to file uploads and conducting security audits of MISP deployments will help prevent exploitation. Organizations should also stay informed through official MISP security advisories and threat intelligence feeds to respond promptly to emerging threats.