exploitDog

CVE-2025-48741

Опубликовано: 23 мая 2025

Источник: nvd

EPSS Низкий

Описание

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API endpoint.

Ссылки

https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-004.md

EPSS

Процентиль: 18%

0.00057

Низкий

Дефекты

CWE-266

Связанные уязвимости

GHSA-x255-qvfv-83jw

github

9 месяцев назад

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API endpoint.

EPSS

Процентиль: 18%

0.00057

Низкий

Дефекты

CWE-266