// For flags

CVE-2020-11458

 

Severity Score

4.9
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.

El archivo app/Model/feed.php en MISP versiones anteriores a 2.4.124, permite a administradores elegir archivos arbitrarios que deberían ser consumidos por MISP. Esto no causa una filtración de todo el contenido de un archivo, pero sí una filtración de cadenas que coinciden con determinados patrones. Entre los datos que pueden filtrarse se encuentran las contraseñas desde el archivo database.php o las frases de clave GPG desde el archivo config.php.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-04-01 CVE Reserved
  • 2020-04-02 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Misp
Search vendor "Misp"
 Misp
Search vendor "Misp" for product "Misp"
 < 2.4.124
Search vendor "Misp" for product "Misp" and version " < 2.4.124"
-
Affected