Arbitrary File Ingestion Vulnerability in MISP (CVE-2021-XXXX)

Arbitrary File Ingestion Vulnerability in MISP (CVE-2021-XXXX)

CVE-2020-11458 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.

Learn more about our Web Application Penetration Testing UK.