exploitDog

CVE-2024-26139

Опубликовано: 23 мая 2024

Источник: nvd

CVSS3: 8.3

CVSS3: 8.1

EPSS Низкий

Описание

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.

Ссылки

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9
Vendor Advisory
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*

Версия до 5.12.31 (включая)

EPSS

Процентиль: 37%

0.00158

Низкий

8.3 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

EPSS

Процентиль: 37%

0.00158

Низкий

8.3 High

CVSS3

8.1 High

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo