PT-2020-12624 · Misp · Misp
Published: 2020-04-02 · Updated: 2021-07-21 · CVE-2020-11458
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MISP versions prior to 2.4.124
Description
The issue allows administrators to choose arbitrary files for ingestion by MISP, leading to potential leaks of specific string patterns. These leaks can include passwords from database.php or GPG key passphrases from config.php.
Recommendations
For versions prior to 2.4.124, update to version 2.4.124 or later to resolve the issue.
Affected Products
Misp