CVE-2020-8894 : An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were

An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.

Published 2020-02-12 00:15:10

Updated 2023-09-28 14:15:12

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2020-8894

Misp » Misp
Versions before (<) 2.4.121
cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-8894

EPSS FAQ

0.41%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 60 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-8894

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	3.9	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

References for CVE-2020-8894

https://zigrin.com/advisories/misp-mishandling-of-discussion-threads-acls/

MISP - Mishandling of discussion threads ACLs | Web Application Security Testing
https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121

Comparing v2.4.120...v2.4.121 · MISP/MISP · GitHub
Patch;Third Party Advisory

CVEs referencing this url
https://github.com/MISP/MISP/commit/9400b8bc8699435d84508e598aca98a31affd77c

fix: [security] discussion thread ACL issues fixed · MISP/MISP@9400b8b · GitHub
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-8894

Products affected by CVE-2020-8894

Exploit prediction scoring system (EPSS) score for CVE-2020-8894

CVSS scores for CVE-2020-8894

References for CVE-2020-8894