CVE-2020-15412
on github
Published
Severity
CVSS v3:
4.3 MEDIUM
CVSS v2:
4 MEDIUM
Description
An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
References
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:misp:misp:2.4.128:*:*:*:*:*:*:* | n/a | n/a | 2.4.128 |