Access Control Flaw in OpenCTI Cyber Threat Intelligence Platform
CVE-2024-45805

4.3MEDIUM

Key Information:

Vendor: Opencti-platform
Status: Opencti
Vendor: CVE Published:; 26 December 2024

🔔 Create Opencti-platform Vulnerability Alert

What is CVE-2024-45805?

An access control vulnerability in the OpenCTI Cyber Threat Intelligence Platform allows general users to obtain sensitive information typically restricted to privileged users, including admin and support data. This vulnerability arises from insufficient access controls affecting the retrieval of support information through exposed endpoints. Specifically, unauthorized individuals can access support data using a UUID that was not adequately protected against general queries. The issue has been remediated in version 6.3.0, emphasizing the importance of updating to protect sensitive data from unauthorized exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

opencti < 6.3.0

References

https://github.com/OpenCTI-Platform/opencti/security/advi...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 26, 2024
Vulnerability Reserved
Sep 9, 2024

JSON

Opencti-platform