MISP up to 2.4.120 Galaxy View view.ctp String

Summaryinfo

A vulnerability was found in MISP up to 2.4.120 and classified as critical. This affects an unknown part of the file app/View/Galaxies/view.ctp of the component Galaxy View. The manipulation as part of String results in an unknown weakness. This vulnerability is reported as CVE-2020-8893. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in MISP up to 2.4.120. Affected is an unknown code of the file app/View/Galaxies/view.ctp of the component Galaxy View. The manipulation as part of a String leads to a unknown weakness. This is going to have an impact on integrity. CVE summarizes:

An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.

The weakness was disclosed 02/12/2020. This vulnerability is traded as CVE-2020-8893 since 02/11/2020. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are known, but there is no available exploit.

Upgrading to version 2.4.121 eliminates this vulnerability.

The entries VDB-150043, VDB-150041, VDB-150040 and VDB-150039 are pretty similar. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• MISP

Version

• 2.4.120

License

• open-source

Website

• Product: https://github.com/MISP/MISP/

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion