CVE Details for CVE: CVE-2020-15412
Summary
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
Timestamps | |
---|---|
Last major update | 21-07-2021 - 11:39 |
Published | 30-06-2020 - 14:15 |
Last modified | 21-07-2021 - 11:39 |
CWE
CVSS
Base
4.0
Impact
2.9
Exploitability
8.0
Access
Vector | Complexity | Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Impact
Confidentiality | Integrity | Availability |
---|---|---|
NONE | PARTIAL | NONE |
CVSS3
Base
4.3
Impact
1.4
Exploitability
2.8
Access
Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
LOW | NETWORK | LOW | UNCHANGED | NONE |
Impact
Confidentiality | Integrity | Availability |
---|---|---|
NONE | LOW | NONE |