CVE-2020-11458

{"id": "CVE-2020-11458", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2020-04-02T12:15:15.870", "references": [{"url": "https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://matthias.sdfeu.org/misp-poc.py", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/MISP/MISP/commit/30ff4b6451549dae7b526d4fb3a49061311ed477", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://matthias.sdfeu.org/misp-poc.py", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php."}, {"lang": "es", "value": "El archivo app/Model/feed.php en MISP versiones anteriores a 2.4.124, permite a administradores elegir archivos arbitrarios que deber\u00edan ser consumidos por MISP. Esto no causa una filtraci\u00f3n de todo el contenido de un archivo, pero s\u00ed una filtraci\u00f3n de cadenas que coinciden con determinados patrones. Entre los datos que pueden filtrarse se encuentran las contrase\u00f1as desde el archivo database.php o las frases de clave GPG desde el archivo config.php."}], "lastModified": "2024-11-21T04:57:57.807", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F514A7E1-4EBA-44ED-B548-C787D4EADC0B", "versionEndExcluding": "2.4.124"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}