MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #19 from dawid-czarnecki/2020-02-12-typo 

fix: [blog] MISP 2.4.121 release typo
pull/21/head
Alexandre Dulaunoy 2020-02-14 22:56:00 +01:00 committed by GitHub
parent 22a5999aaf 4d9e223d41
commit fecdd3685f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
_posts/2020-02-12-MISP.2.4.121.released.md
View File

@ -13,7 +13,7 @@ A new version of MISP ([2.4.121](https://github.com/MISP/MISP/tree/v2.4.121)) ha
The new version includes fixes to a set of vulnerabilities, kindly reported by Dawid Czarnecki. For details, see the attached CVE information.
- A reflected XSS in the galaxy view [CVE-2020-8893](https://cve.circl.lu/cve/CVE-2020-8893)
- ACL wasn't always correctly adhered to for the discussion threads [CVE-2020-8894](https://cve.circl.lu/cve/CVE-2020-8892)
- ACL wasn't always correctly adhered to for the discussion threads [CVE-2020-8894](https://cve.circl.lu/cve/CVE-2020-8894)
- Potential time skew between web server and database would cause the brute force protection not to fire.[CVE-2020-8890](https://cve.circl.lu/cve/CVE-2020-8890)
Whilst investigating the above, we have identified and resolved other issues with the brute force protection: