An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25766
Reference (s):
- https://github.com/MISP/MISP/commit/164963100a830234744a6004d5eda55d24e97b2a
- https://github.com/MISP/MISP/compare/v2.4.131 v2.4.132