Main Vulnerability Database SB2020040227

SB2020040227 - Information disclosure in misp-project MISP

Published: April 2, 2020 Updated: July 17, 2020

Security Bulletin ID SB2020040227

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: CVE-2020-11458)

The vulnerability allows a remote privileged user to gain access to sensitive information.

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.

Remediation

Install update from vendor's website.

References

https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477
https://matthias.sdfeu.org/misp-poc.py