CVE-2020-8892

Опубликовано: 12 фев. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests.

Ссылки

https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520
Patch
Third Party Advisory
https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3
Patch
Third Party Advisory
https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121
Patch
Third Party Advisory
https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520
Patch
Third Party Advisory
https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3
Patch
Third Party Advisory
https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*

Версия до 2.4.121 (исключая)

EPSS

Процентиль: 66%

0.0051

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-2xc2-rj8c-xgm7

github

больше 3 лет назад