Administrative Privileges Vulnerability in OpenCTI Platform
CVE-2024-26139

8.1HIGH

Key Information:

Vendor: Opencti-platform
Status: Opencti
Vendor: CVE Published:; 23 May 2024

🔔 Create Opencti-platform Vulnerability Alert

What is CVE-2024-26139?

OpenCTI, a widely used open-source platform for managing cyber threat intelligence, has a significant vulnerability related to its profile edit functionality. This flaw allows an authenticated attacker with minimal privileges to exploit the system and elevate their privileges to administrative levels. The vulnerability arises from insufficient security controls, compromising the integrity and security of the application. Organizations relying on OpenCTI should prioritize patching to mitigate potential risks associated with unauthorized access and data exposure.

Affected Version(s)

opencti <= 5.12.31

References

https://github.com/OpenCTI-Platform/opencti/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2024
Vulnerability Reserved
Feb 14, 2024

CVE-2024-26139 Data

JSON