Date: February 25, 2020 Affected Vendor: CIRCL – Computer Incident Response Center Luxembourg Affected Product: MISP – Malware Information Sharing Platform & Open Standards For Threat Information Sharing Vulnerable Version: 2.4.120 Fixed Version: 2.4.121 CVSS: 5.4 Medium Recommendations: Update to MISP version 2.4.121 Vulnerability Details: When an event is shared with a particular distribution group, all users of that MISP instance can view the thread related to that event and add new posts. CVE: CVE-2020-8894 Credits: Dawid Czarnecki References: - https://www.misp-project.org/2020/02/12/MISP.2.4.121.released.html - https://github.com/MISP/MISP/commit/9400b8bc8699435d84508e598aca98a31affd77c - https://github.com/MISP/MISP/compare/v2.4.120...v2.4.121 - https://nvd.nist.gov/vuln/detail/CVE-2020-8894