CVE-2020-11458 in MISP
Summary
by MITRE
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 06/23/2026
The vulnerability identified as CVE-2020-11458 affects the MISP (Malware Information Sharing Platform) software version prior to 2.4.124, specifically within the app/Model/feed.php component. This issue represents a significant security flaw that enables administrators to select arbitrary files for ingestion into the MISP system, creating potential data exposure risks that extend beyond simple file access. The vulnerability operates through a design flaw in how file processing is handled within the feed ingestion functionality, allowing for unintended data leakage through pattern matching mechanisms rather than complete file disclosure.
The technical implementation of this vulnerability stems from insufficient input validation and sanitization within the feed processing module. When administrators configure file ingestion parameters, the system fails to properly restrict which files can be processed, enabling malicious actors or compromised administrators to specify sensitive configuration files. The flaw does not result in complete file contents being exposed but rather permits the extraction of strings that match specific patterns, making it particularly dangerous for sensitive data such as database credentials and GPG key passphrases. This pattern-based leakage mechanism aligns with CWE-20: Improper Input Validation, where inadequate restrictions on file processing lead to unintended data exposure.
The operational impact of this vulnerability extends beyond simple credential leakage, as it creates opportunities for attackers to harvest sensitive information that could compromise entire system infrastructures. Database.php files often contain administrative passwords and connection strings that, when leaked, could allow unauthorized access to backend databases storing critical threat intelligence data. Similarly, GPG key passphrases from config.php files could enable attackers to decrypt sensitive communications and potentially compromise the integrity of the threat sharing platform. This vulnerability directly impacts the confidentiality and integrity of information within MISP environments, as outlined in the ATT&CK framework under T1552: Credentials in Files, where adversaries seek to obtain credentials from system files.
Mitigation strategies for CVE-2020-11458 should prioritize immediate patching to version 2.4.124 or later, which addresses the improper file handling and input validation issues. Organizations should implement strict file access controls and privilege separation, ensuring that only authorized personnel can configure feed ingestion parameters. The remediation process should include comprehensive review of existing feed configurations and implementation of automated monitoring for unauthorized file access attempts. Additionally, security teams should conduct regular vulnerability assessments targeting similar input validation flaws and establish robust logging mechanisms to detect pattern-based data leakage attempts. The fix should incorporate proper file type validation, path restriction mechanisms, and comprehensive input sanitization to prevent arbitrary file selection during feed processing operations.