MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL.
Understanding CVE-2020-28043
MISP through version 2.4.133 is vulnerable to Server-Side Request Forgery (SSRF) attacks.
What is CVE-2020-28043?
CVE-2020-28043 is a vulnerability in MISP versions up to 2.4.133 that enables SSRF through manipulation of the use_full_path parameter of the REST client, allowing an attacker to make the MISP server issue requests on their behalf.
The Impact of CVE-2020-28043
This vulnerability could be exploited by malicious actors to bypass security controls, access internal systems, and potentially perform further attacks within the network.
Technical Details of CVE-2020-28043
MISP through 2.4.133 is susceptible to SSRF due to improper handling of the use_full_path parameter.
Vulnerability Description
The vulnerability allows an attacker to supply an arbitrary URL through the use_full_path parameter; the server then issues the request to that URL itself, which is the SSRF condition.
Affected Systems and Versions
Exploitation Mechanism
Attackers can exploit this vulnerability by manipulating the use_full_path parameter of the REST client so that the server sends requests to destinations it was never meant to contact, using the server's own network position.
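As an added illustration (not MISP's code and not taken from this page), the following Python models the flaw and its fix: a hypothetical REST-client helper that accepts a use_full_path flag, once in the form the CVE describes and once restricted to the configured server's origin. The server name and the internal host name are constructed.

```python
from urllib.parse import urljoin, urlsplit

# Constructed example: the MISP server the REST client is configured to reach.
CONFIGURED_SERVER = "https://misp.example.org"


def build_request_url_unsafe(base_url, target, use_full_path):
    """Vulnerable pattern (hypothetical model of the CVE, not MISP's code):
    with use_full_path set, the caller's value becomes the request URL
    verbatim, so any URL the server can reach is a valid destination."""
    if use_full_path:
        return target
    return urljoin(base_url.rstrip("/") + "/", target)


def same_origin(url_a, url_b):
    """True when both URLs share scheme, hostname and effective port."""
    def key(url):
        u = urlsplit(url)
        port = u.port or (443 if u.scheme.lower() == "https" else 80)
        return (u.scheme.lower(), (u.hostname or "").lower(), port)
    return key(url_a) == key(url_b)


def build_request_url_safe(base_url, target, use_full_path):
    """Hardened form: however the URL is assembled, it must use http(s)
    and stay on the configured server's origin, otherwise it is refused."""
    if use_full_path:
        url = target
    else:
        # urljoin honours an absolute reference ("http://other/x") and a
        # protocol-relative one ("//other/x"); stripping leading slashes
        # keeps the caller's value relative, and the origin check below
        # catches anything that still escapes.
        url = urljoin(base_url.rstrip("/") + "/", target.lstrip("/"))
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError("unsupported scheme %r" % scheme)
    if not same_origin(url, base_url):
        raise ValueError("request URL %r is off the configured origin" % url)
    return url


def request_allowed(base_url, target, use_full_path):
    """True when the hardened builder accepts the input, False otherwise."""
    try:
        build_request_url_safe(base_url, target, use_full_path)
    except ValueError:
        return False
    return True
```

The origin check compares the parsed hostname, so credentials-in-URL tricks such as `https://misp.example.org@other-host/` are rejected because the hostname is `other-host`; a production check should additionally resolve the host at connect time to cover DNS-based evasion.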
Mitigation and Prevention
It is crucial to take immediate steps to mitigate the risks posed by CVE-2020-28043.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates