PT-2020-14096 · Misp · Misp
Published 2020-06-22 · Updated 2021-07-21 · CVE-2020-14969
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MISP version 2.4.127
Description
The issue arises from a missing ACL lookup on attribute correlations in the app/Model/Attribute.php file. When the attribute restsearch API is queried, the response reveals metadata about a correlating attribute that the requesting user cannot otherwise reach.
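A minimal model of this flaw, added here as an illustration and not taken from MISP's code: the data model and the names `can_read`, `restsearch` and `leaked_ids` are hypothetical, and the sharing rule is simplified to owner-or-shared. It contrasts a search that attaches correlation metadata without an ACL lookup with one that applies the same check to every correlating attribute, and includes a regression check for leaked entries.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Attribute:
    id: int
    event_id: int
    org: str       # owning organisation
    shared: bool   # True: readable by every org; False: owner only
    value: str

# Constructed sample data: attribute 2 is private to OrgB but shares a value with 1 and 3.
ATTRIBUTES = [
    Attribute(1, 10, "OrgA", True, "198.51.100.7"),
    Attribute(2, 20, "OrgB", False, "198.51.100.7"),
    Attribute(3, 30, "OrgC", True, "198.51.100.7"),
    Attribute(4, 40, "OrgB", False, "example.test"),
]

def can_read(user_org, attr):
    """Simplified ACL (assumption): the owner always, other orgs only when shared."""
    return attr.shared or attr.org == user_org

def correlations(attr, user_org=None):
    """Attributes with the same value; when user_org is given, ACL-filter each one."""
    related = [a for a in ATTRIBUTES if a.value == attr.value and a.id != attr.id]
    if user_org is not None:
        related = [a for a in related if can_read(user_org, a)]
    return related

def restsearch(user_org, value, acl_on_correlations):
    """Search by value; every readable hit carries metadata of its correlations."""
    results = []
    for attr in ATTRIBUTES:
        if attr.value != value or not can_read(user_org, attr):
            continue
        # Flawed path: the hit itself is ACL-checked, its correlations are not.
        related = correlations(attr, user_org if acl_on_correlations else None)
        results.append({
            "id": attr.id,
            "related": [{"id": r.id, "event_id": r.event_id, "org": r.org}
                        for r in related],
        })
    return results

def leaked_ids(user_org, results):
    """Regression check: ids listed under 'related' that the caller may not read."""
    by_id = {a.id: a for a in ATTRIBUTES}
    return sorted({r["id"] for hit in results for r in hit["related"]
                   if not can_read(user_org, by_id[r["id"]])})
```

A check like `leaked_ids` can be run as a regression test with a low-privilege account against any endpoint that embeds related-object metadata in its responses.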
Recommendations
For version 2.4.127, consider restricting access to the attribute restsearch API until a patch is available. As a temporary workaround, review and limit the use of attribute correlations to minimize the risk of metadata exposure.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Misp