CVE-2020-8890

MISP/MISP

on github

Published

February 12, 2020

Severity

CVSS v3:

5.9 MEDIUM

CVSS v2:

4.3 MEDIUM

Description

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.

References

https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520
https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3
https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:misp:misp::::::::	n/a	2.4.121	*

External Links

NVD - CVE-2020-8890