MISP 2.4.128 Security Vulnerabilities

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2020-11-02

An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2020-09-18

In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2020-07-14

An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2020-06-30

An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2020-06-30


Shodan ® - All rights reserved