CVE: CVE-2020-15412 - CVE-Search

CVE Details for CVE: CVE-2020-15412

Summary

An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.

Timestamps
Last major update	21-07-2021 - 11:39
Published	30-06-2020 - 14:15
Last modified	21-07-2021 - 11:39

References

https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef

Vulnerable Configurations

cpe:2.3:a:misp:misp:2.4.128:*:*:*:*:*:*:*
cpe:2.3:a:misp:misp:2.4.128:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

CWE-862

CVSS

Base

4.0

Impact

2.9

Exploitability

8.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

CVSS3

Base

4.3

Impact

1.4

Exploitability

2.8

Access

Attack Complexity	Attack vector	Privileges Required	Scope	User Interaction
LOW	NETWORK	LOW	UNCHANGED	NONE

Impact

Confidentiality	Integrity	Availability
NONE	LOW	NONE

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:P/A:N

cvss3-vector via4

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

refmap via4

misc

https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef