Vulnerability Details : CVE-2020-11458
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
Products affected by CVE-2020-11458
- cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-11458
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-11458
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
4.9
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
1.2
|
3.6
|
NIST |
References for CVE-2020-11458
-
https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477
chg: [security] Added setting to restrict the encoding of local feeds · MISP/MISP@30ff4b6 · GitHubPatch;Third Party Advisory
-
https://matthias.sdfeu.org/misp-poc.py
Exploit;Third Party Advisory
Jump to