CVE-2020-15411

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15411

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15411.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15411

Published

2020-06-30T14:15:11.813Z

Modified

2026-04-10T04:22:57.561204Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.

References

https://github.com/MISP/MISP/commit/d14ce7de709cdde3ecc9433e38e14c682894e88a

Affected packages

Git / github.com/misp/misp

Affected ranges

Type

GIT

Repo

https://github.com/misp/misp

Events

Introduced

Last affected

eb9e1a490cb9b98dfb52b62d0ce14b8040bb8c4a

Fixed

d14ce7de709cdde3ecc9433e38e14c682894e88a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.128"
        }
    ]
}

Affected versions

Other

codename/tellurium

v0.*

v0.2

v2.*

v2.3.0

v2.4.0

v2.4.1

v2.4.10

v2.4.100

v2.4.101

v2.4.102

v2.4.106

v2.4.107

v2.4.109

v2.4.11

v2.4.110

v2.4.111

v2.4.118

v2.4.120

v2.4.121

v2.4.122

v2.4.123

v2.4.125

v2.4.127

v2.4.128

v2.4.13

v2.4.14

v2.4.15

v2.4.16

v2.4.17

v2.4.18

v2.4.2

v2.4.20

v2.4.21

v2.4.22

v2.4.23

v2.4.24

v2.4.25

v2.4.26

v2.4.27

v2.4.3

v2.4.34

v2.4.35

v2.4.36

v2.4.37

v2.4.38

v2.4.39

v2.4.4

v2.4.43

v2.4.45

v2.4.46

v2.4.47

v2.4.48

v2.4.5

v2.4.50

v2.4.51

v2.4.52

v2.4.53

v2.4.54

v2.4.56

v2.4.57

v2.4.58

v2.4.59

v2.4.60

v2.4.61

v2.4.62

v2.4.63

v2.4.64

v2.4.65

v2.4.7

v2.4.78

v2.4.80

v2.4.82

v2.4.83

v2.4.85

v2.4.86

v2.4.87

v2.4.88

v2.4.89

v2.4.9

v2.4.91

v2.4.93

v2.4.94

v2.4.95

v2.4.96

v2.4.98

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15411.json"