We are reliable, trustworthy, and ready for challenges! Hire Us
MISP – Mishandling of discussion threads ACLs
- Home
- Advisories
- MISP – Mishandling of discussion threads ACLs
DATE
25.02.2020
Affected Vendor
CIRCL – Computer Incident Response Center Luxembourg
Affected Product
MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing – https://www.misp-project.org/
Vulnerable version
2.4.120
Fixed version
2.4.121
CVSS
5.4 Medium CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Recommendations
Update to MISP version 2.4.121
Vulnerability details
When an event is shared with a particular distribution group, all users of that MISP instance can view the thread related to that event and add new posts.
CVE
CVE-2020-8894
Credits
Dawid Czarnecki
Do you think the security of your data might be lacking? Let's find the best approach together.
Once you contact us, we will ask you about the project you want to secure.