CVE-2024-26139 — HIGH (8.3)

Q: How severe is CVE-2024-26139?

CVE-2024-26139 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-26139?

Check the references section above for vendor advisories and patch information. Affected products include: Citeum Opencti.

Vulnerability Description

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.

CVSS Score

8.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Citeum	Opencti	<= 5.12.31

Related Weaknesses (CWE)

CWE-657 CWE-284

References

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vVendor Advisory
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vVendor Advisory

FAQ

What is CVE-2024-26139?

CVE-2024-26139 is a vulnerability with a CVSS score of 8.3 (HIGH). OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionalit...

How severe is CVE-2024-26139?

CVE-2024-26139 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-26139?

Check the references section above for vendor advisories and patch information. Affected products include: Citeum Opencti.