Misp: >> Misp >> 2.4.131 Security Vulnerabilities
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-11-24
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-11-02
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-18
Page 4