MISP: Security Vulnerabilities
MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-11-02
An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
CVSS Score
7.5
EPSS Score
0.002
Published
2020-09-18
In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-14
An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-06-30
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
CVSS Score
4.3
EPSS Score
0.002
Published
2020-06-30
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute.
CVSS Score
7.5
EPSS Score
0.003
Published
2020-06-22
app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-18
MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-05-15
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leak of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
CVSS Score
4.9
EPSS Score
0.004
Published
2020-04-02
MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/statistics_orgs.ctp.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-03-09