Vulnerability Description
An organization administrator can add a super administrator in TheHive Project Cortex before 2.1.3 because the Role.toString method is not overridden.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thehive-Project | Cortex | < 2.1.3 |
References
- https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md (Third Party Advisory)
- https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967 (Patch, Third Party Advisory)
- https://github.com/TheHive-Project/Cortex/issues/158 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2018-20226?
CVE-2018-20226 is a vulnerability with a CVSS score of 7.2 (HIGH). An organization administrator can add a super administrator in TheHive Project Cortex before 2.1.3 because the Role.toString method is not overridden.
How severe is CVE-2018-20226?
CVE-2018-20226 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-20226?
Check the references section above for vendor advisories and patch information. Affected products include: Thehive-Project Cortex.