CVE-2020-8891
published 2020-02-12CVE-2020-8891: An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
PriorityP426medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
EPSS
1.42%
69.5th percentile
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| misp-project | misp | < 2.4.121 | 2.4.121 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
MISP up to 2.4.120 Username
vuldb·2026-06-23·CVSS 5.9
CVE-2020-8891 [MEDIUM] MISP up to 2.4.120 Username
A vulnerability, which was classified as critical, has been found in MISP up to 2.4.120. Affected is an unknown function of the component Username Handler. Performing a manipulation results in an unknown weakness.
This vulnerability is cataloged as CVE-2020-8891. It is possible to initiate the attack remotely. There is no exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-4wxj-r835-5f6x: An issue was discovered in MISP before 2
ghsa_unreviewed·2022-05-24
CVE-2020-8891 [MEDIUM] GHSA-4wxj-r835-5f6x: An issue was discovered in MISP before 2
An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121https://github.com/MISP/MISP/commit/934c82819237b4edf1da64587b72a87bec5dd520https://github.com/MISP/MISP/commit/c1a0b3b2809b21b4df8c1efbc803aff700e262c3https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121
2020-02-12
Published