CVE-2020-28043

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-28043

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28043.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-28043

Published

2020-11-02T21:15:31.400Z

Modified

2026-04-10T04:26:42.258708Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

MISP through 2.4.133 allows SSRF in the REST client via the usefullpath parameter with an arbitrary URL.

References

https://github.com/MISP/MISP/commit/6e81c8ee8ad19576c055b5c4773f914b918f32be

Affected packages

Git / github.com/misp/misp

Affected ranges

Type

GIT

Repo

https://github.com/misp/misp

Events

Introduced

Last affected

e89b14b0841f5ed101245bb2043e20fc2d3dca6c

Fixed

6e81c8ee8ad19576c055b5c4773f914b918f32be

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.4.133"
        }
    ]
}

Affected versions

Other

codename/tellurium

v0.*

v0.2

v2.*

v2.3.0

v2.4.0

v2.4.1

v2.4.10

v2.4.100

v2.4.101

v2.4.102

v2.4.106

v2.4.107

v2.4.109

v2.4.11

v2.4.110

v2.4.111

v2.4.118

v2.4.120

v2.4.121

v2.4.122

v2.4.123

v2.4.125

v2.4.127

v2.4.128

v2.4.13

v2.4.130

v2.4.133

v2.4.14

v2.4.15

v2.4.16

v2.4.17

v2.4.18

v2.4.2

v2.4.20

v2.4.21

v2.4.22

v2.4.23

v2.4.24

v2.4.25

v2.4.26

v2.4.27

v2.4.3

v2.4.34

v2.4.35

v2.4.36

v2.4.37

v2.4.38

v2.4.39

v2.4.4

v2.4.43

v2.4.45

v2.4.46

v2.4.47

v2.4.48

v2.4.5

v2.4.50

v2.4.51

v2.4.52

v2.4.53

v2.4.54

v2.4.56

v2.4.57

v2.4.58

v2.4.59

v2.4.60

v2.4.61

v2.4.62

v2.4.63

v2.4.64

v2.4.65

v2.4.7

v2.4.78

v2.4.80

v2.4.82

v2.4.83

v2.4.85

v2.4.86

v2.4.87

v2.4.88

v2.4.89

v2.4.9

v2.4.91

v2.4.93

v2.4.94

v2.4.95

v2.4.96

v2.4.98

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28043.json"