CVE-2020-8890

EPSS 1.06%
Veröffentlicht 12.02.2020 00:15:09
Zuletzt bearbeitet 22.06.2026 19:23:18
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Misp-project ≫ Misp Version < 2.4.121

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.602

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520

Patch

Third Party Advisory

https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3

Patch

Third Party Advisory

https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8890

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8890

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8890

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-8890