exploitDog

CVE-2020-8891

Опубликовано: 12 фев. 2020

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.

Ссылки

https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520
Patch
Third Party Advisory
https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3
Patch
Third Party Advisory
https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121
Patch
Third Party Advisory
https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520
Patch
Third Party Advisory
https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3
Patch
Third Party Advisory
https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*

Версия до 2.4.121 (исключая)

EPSS

Процентиль: 61%

0.0042

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4wxj-r835-5f6x

github

больше 3 лет назад

An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.

EPSS

Процентиль: 61%

0.0042

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo