CVE-2020-14969

{"id": "CVE-2020-14969", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-06-22T12:15:10.290", "references": [{"url": "https://github.com/MISP/MISP/commit/609bfbd450c933d21c50c9f0161d633c43413eb6", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/MISP/MISP/commit/609bfbd450c933d21c50c9f0161d633c43413eb6", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute."}, {"lang": "es", "value": "el archivo app/Model/Attribute.php en MISP versi\u00f3n 2.4.127, carece de una b\u00fasqueda de la ACL en las correlaciones de atributos. Esto ocurre cuando se consulta la API restsearch de atributo, revelando metadatos sobre un atributo correlativo pero inalcanzable"}], "lastModified": "2024-11-21T05:04:32.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:misp:misp:2.4.127:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "400FD080-3DDD-486F-8FA5-B44F55852BE0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}