PT-2020-14413 · Misp · Misp
Published
2020-06-30
·
Updated
2021-07-21
·
CVE-2020-15411
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MISP version 2.4.128
Description
An issue was discovered in the attachment downloader due to insufficient ACL checks in the
app/Controller/AttributesController.php file.Recommendations
For MISP version 2.4.128, consider restricting access to the
AttributesController.php file until a patch is available. As a temporary workaround, review and strengthen ACL checks in the attachment downloader to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Misp