Shodan
Vulnerabilities
Vulnerable Software
Misp:  >> Misp  >> 2.2.2  Security Vulnerabilities
CVE-2020-25766
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-18
CVE-2020-15711
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-14
CVE-2020-13153
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-18
CVE-2020-11458
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
CVSS Score
4.9
EPSS Score
0.004
Published
2020-04-02
CVE-2020-8890
An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.
CVSS Score
5.9
EPSS Score
0.004
Published
2020-02-12
CVE-2020-8891
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
CVSS Score
5.9
EPSS Score
0.004
Published
2020-02-12
CVE-2020-8892
An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.
CVSS Score
8.1
EPSS Score
0.005
Published
2020-02-12
CVE-2020-8893
An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.
CVSS Score
7.5
EPSS Score
0.004
Published
2020-02-12
CVE-2020-8894
An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.
CVSS Score
6.5
EPSS Score
0.004
Published
2020-02-12
CVE-2019-16202
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-09-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved