Vulnerabilities > CVE-2020-28043 - Server-Side Request Forgery (SSRF) vulnerability in Misp

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
misp
CWE-918

Summary

MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.

Vulnerable Configurations

Part Description Count
Application
Misp
299

Common Weakness Enumeration (CWE)