CVE-2020-8890

Severity Score

5.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.

Se detectó un problema en MISP versiones anteriores a 2.4.121. Manejó inapropiadamente la distorsión del tiempo (entre la máquina que aloja el servidor web y la máquina que aloja la base de datos) cuando intenta bloquear una serie de peticiones inválidas de fuerza bruta.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-02-11 CVE Reserved
2020-02-11 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

CAPEC

References (3)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520	2020-02-14
https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3	2020-02-14
https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121	2020-02-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Misp Search vendor "Misp"		Misp Search vendor "Misp" for product "Misp"				< 2.4.121 Search vendor "Misp" for product "Misp" and version " < 2.4.121"		-		Affected