3 matches found
CVE-2020-28043
MISP through 2.4.133 allows SSRF in the REST client via the usefullpath parameter with an arbitrary URL...
CVE-2020-28043
MISP through 2.4.133 allows SSRF in the REST client via the usefullpath parameter with an arbitrary URL...
CVE-2020-28043
MISP up to version 2.4.133 contains a SSRF vulnerability in its REST client via the use_full_path parameter, allowing requests to arbitrary URLs. The root cause is exposure of server-side request construction in the REST client, enabling an attacker to induce the application to reach internal or ...