CVE-2020-8890

MEDIUM EPSS 61.2%
Published Feb 12, 20206y ago · Modified Jun 22, 20261w ago
5.9 CVSS 3.1
Medium
Find Similar
Published Feb 12, 2020 6y ago
Last Modified Jun 22, 2026 1w ago

Description

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.

CVSS Details

Base Score
5.9
Exploitability
2.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
61.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-367

Affected Products 1

VendorProductVersionRange
misp-projectmisp* <2.4.121

References 3

  • github.com https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520
    PatchThird Party Advisory
  • github.com https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3
    PatchThird Party Advisory
  • github.com https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121
    PatchThird Party Advisory

Remediation

  • github.com https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520
    PatchThird Party Advisory
  • github.com https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3
    PatchThird Party Advisory
  • github.com https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121
    PatchThird Party Advisory