CVE-2020-11458

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477	Patch Third Party Advisory
https://matthias.sdfeu.org/misp-poc.py	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-02 12:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-11458

Mitre link : CVE-2020-11458

CVE.ORG link : CVE-2020-11458

JSON object : View

Products Affected

misp

misp

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-11458", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2020-04-02T12:15:15.870", "references": [{"url": "https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://matthias.sdfeu.org/misp-poc.py", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php."}, {"lang": "es", "value": "El archivo app/Model/feed.php en MISP versiones anteriores a 2.4.124, permite a administradores elegir archivos arbitrarios que deber\u00edan ser consumidos por MISP. Esto no causa una filtraci\u00f3n de todo el contenido de un archivo, pero s\u00ed una filtraci\u00f3n de cadenas que coinciden con determinados patrones. Entre los datos que pueden filtrarse se encuentran las contrase\u00f1as desde el archivo database.php o las frases de clave GPG desde el archivo config.php."}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F514A7E1-4EBA-44ED-B548-C787D4EADC0B", "versionEndExcluding": "2.4.124"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}