CVE-2020-15412

MEDIUM EPSS 47.7%
Published Jun 30, 20206y ago · Modified Jun 22, 20261w ago
4.3 CVSS 3.1
Medium
Find Similar
Published Jun 30, 2020 6y ago
Last Modified Jun 22, 2026 1w ago

Description

An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.

CVSS Details

Base Score
4.3
Exploitability
2.8
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
47.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 1

VendorProductVersionRange
misp-projectmisp2.4.128any

References 1

  • github.com https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/MISP/MISP/commit/b0be3b07fee2ab9bf1869ef81a7f24f58bd687ef
    PatchThird Party Advisory