Access Control Flaw in OpenCTI Cyber Threat Intelligence Platform
CVE-2024-45805

4.3MEDIUM

Key Information:

Vendor: Opencti-platform
Status: Opencti
Vendor: CVE Published:; 26 December 2024

🔔 Create Opencti-platform Vulnerability Alert

What is CVE-2024-45805?

An access control vulnerability in the OpenCTI Cyber Threat Intelligence Platform allows general users to obtain sensitive information typically restricted to privileged users, including admin and support data. This vulnerability arises from insufficient access controls affecting the retrieval of support information through exposed endpoints. Specifically, unauthorized individuals can access support data using a UUID that was not adequately protected against general queries. The issue has been remediated in version 6.3.0, emphasizing the importance of updating to protect sensitive data from unauthorized exposure.

Affected Version(s)

opencti < 6.3.0

References

https://github.com/OpenCTI-Platform/opencti/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2024
Vulnerability Reserved
Sep 9, 2024

CVE-2024-45805 Data

JSON