QSearchQSearch

CVE-2020-8890

5.9 MEDIUM

An issue was discovered in MISP before 2.4.121

Published: 2020-02-12 · Last updated: 2026-06-22

Severity and scoring

CVSS
5.9 MEDIUM
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE
CWE-367

Affected products

VendorProduct
misp-projectmisp

Description

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of invalid requests.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2021-41326 In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call (9.8 CRITICAL)
  • CVE-2021-39302 MISP 2.4.148, in certain configurations, allows SQL injection via the app/Model/Log.php $conditions['org'] value (9.8 CRITICAL)
  • CVE-2021-37743 app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format (5.4 MEDIUM)
  • CVE-2021-37742 app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships (5.4 MEDIUM)
  • CVE-2021-37534 app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster (5.4 MEDIUM)

Same CWE

  • CVE-2026-54228 A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method (7.8 HIGH)
  • CVE-2026-53838 OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approv... (9.8 CRITICAL)
  • CVE-2026-53831 OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expan... (8.3 HIGH)
  • CVE-2026-53822 OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution (8.8 HIGH)
  • CVE-2026-54055 Kitty is a cross-platform GPU based terminal (5.0 MEDIUM)