An issue was discovered in app/Model/SharingGroupServer.php in MISP 2.4.139. In the implementation of Sharing Groups, the «all org» flag sometimes provided view access to unintended actors.
