chg: [security] CVE-2020-29572 added

pull/35/head
Alexandre Dulaunoy 2020-12-07 08:54:29 +01:00
parent d723d3b82b
commit 45a7dadd88
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 2 additions and 0 deletions

View File

@ -60,6 +60,8 @@ We firmly believe that, even though unfortunately it is often not regarded as co
- [CVE-2020-25766](https://cve.circl.lu/cve/CVE-2020-25766) <= MISP 2.4.131 - An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. - [CVE-2020-25766](https://cve.circl.lu/cve/CVE-2020-25766) <= MISP 2.4.131 - An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
- [CVE-2020-28043](https://cve.circl.lu/cve/CVE-2020-28043) <= MISP 2.4.133 - MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. - [CVE-2020-28043](https://cve.circl.lu/cve/CVE-2020-28043) <= MISP 2.4.133 - MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
- [CVE-2020-28947](https://cve.circl.lu/cve/CVE-2020-28947) <= MISP 2.4.134 - In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled. - [CVE-2020-28947](https://cve.circl.lu/cve/CVE-2020-28947) <= MISP 2.4.134 - In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.
- [CVE-2020-29572](https://cve.circl.lu/cve/CVE-2020-29572)2) =< MISP 2.4.135 - app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
## PGP Key ## PGP Key