CVE-2020-11458
First published: Thu Apr 02 2020(Updated: )
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Misp Misp | <2.4.124 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-11458.
What is the severity level of CVE-2020-11458?
CVE-2020-11458 has a severity level of medium.
What is the affected software version for CVE-2020-11458?
The affected software version for CVE-2020-11458 is MISP before 2.4.124.
What can be leaked due to CVE-2020-11458?
Strings that match certain patterns, including passwords from databases, can be leaked due to CVE-2020-11458.
How can I fix CVE-2020-11458?
To fix CVE-2020-11458, update MISP to version 2.4.124 or later.
- collector/nvd-index
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- vendor/misp
- canonical/misp misp