CVE-2020-28043

on github

Published

November 2, 2020

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

5 MEDIUM

Description

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

References

https://github.com/MISP/MISP/commit/6e81c8ee8ad19576c055b5c4773f914b918f32be

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:misp:misp::::::::	n/a	2.4.133 (including)	*

External Links

NVD - CVE-2020-28043