Vulnerability Description
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can download support packages whose contents (admin and support information) should be available only to users holding the SETTINGS_SUPPORT capability. Two weaknesses combine: the storage endpoint that serves support packages (http://<opencti_domain>/storage/get/support/UUID/UUID.zip) does not enforce that capability, and the package UUID, the only thing needed to build the URL, is exposed to general users through a query they are allowed to run (the logs query). Knowledge of the UUID therefore acts as the sole access control. This vulnerability is fixed in 6.3.0.
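The authorization decision described above, as an added example that is not OpenCTI's own code: a small JavaScript model of the support-package download route, with the pre-6.3.0 behaviour (any authenticated user who knows the UUID gets the archive) beside the fixed behaviour (the SETTINGS_SUPPORT capability is checked server-side on every request). Only the URL pattern and the capability name come from the advisory; the function names, the `user.capabilities` array, the result shape and the sample principals are assumptions made for this example.

```javascript
// Illustrative model of the access check, not OpenCTI's implementation.
// Assumed shapes: user = { name, capabilities: [...] }, handler returns
// { status, file? } instead of writing an HTTP response.

// Exact shape /storage/get/support/<uuid>/<uuid>.zip; both UUIDs must match
// (\1 backreference), so traversal or mismatched names are rejected up front.
const SUPPORT_PATH_RE =
  /^\/storage\/get\/support\/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\/\1\.zip$/i;

// Returns the package UUID (lower-cased) or null when the path is malformed.
function parseSupportPath(path) {
  const m = SUPPORT_PATH_RE.exec(path);
  return m ? m[1].toLowerCase() : null;
}

function hasCapability(user, name) {
  return Array.isArray(user.capabilities) && user.capabilities.includes(name);
}

// Pre-6.3.0 behaviour as the advisory describes it: authentication is checked,
// authorization is not. Because the UUID is readable through the logs query,
// it is not a secret and every general user can reach the file.
function handleSupportDownloadVulnerable(user, path) {
  const id = parseSupportPath(path);
  if (!id) return { status: 404 };
  if (!user) return { status: 401 };
  return { status: 200, file: `support/${id}/${id}.zip` };
}

// Fixed behaviour: possession of the UUID is not authorization. The capability
// that gates the admin/support area (SETTINGS_SUPPORT) is required on the
// storage route itself, not only on the UI page that links to it.
function handleSupportDownloadFixed(user, path) {
  const id = parseSupportPath(path);
  if (!id) return { status: 404 };
  if (!user) return { status: 401 };
  if (!hasCapability(user, 'SETTINGS_SUPPORT')) return { status: 403 };
  return { status: 200, file: `support/${id}/${id}.zip` };
}

// Constructed sample principals and package id (not real accounts or data).
const adminUser = { name: 'admin', capabilities: ['SETTINGS_SUPPORT', 'KNOWLEDGE'] };
const generalUser = { name: 'analyst', capabilities: ['KNOWLEDGE'] };
const SAMPLE_ID = '123e4567-e89b-12d3-a456-426614174000';
const samplePath = `/storage/get/support/${SAMPLE_ID}/${SAMPLE_ID}.zip`;

// Side-by-side comparison for one request from a general user.
function compareHandlers(user, path) {
  return {
    vulnerable: handleSupportDownloadVulnerable(user, path).status,
    fixed: handleSupportDownloadFixed(user, path).status,
  };
}

console.log(compareHandlers(generalUser, samplePath)); // { vulnerable: 200, fixed: 403 }
```

The point of the model is where the check lives: hiding the download link in the UI or relying on an unguessable UUID leaves the storage route itself open, so the capability test has to run in the handler that serves the file.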
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Citeum | Opencti | < 6.3.0 |
Related Weaknesses (CWE)
References
- https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-42mm-c8x3-g (Vendor Advisory)
FAQ
What is CVE-2024-45805?
CVE-2024-45805 is a broken access control vulnerability in OpenCTI, an open-source cyber threat intelligence platform, with a CVSS base score of 4.3 (MEDIUM). Before 6.3.0, general users can download support packages that should be restricted to users holding the SETTINGS_SUPPORT capability, because the storage endpoint serving them does not enforce that capability and the package UUID needed to build the URL is exposed through the logs query.
How severe is CVE-2024-45805?
CVE-2024-45805 has been rated MEDIUM with a CVSS base score of 4.3/10. The issue is an information disclosure that requires an authenticated general user account; this page lists only the base score and rating, so consult the vendor advisory for the full CVSS vector.
Is there a patch for CVE-2024-45805?
Yes. The vendor advisory linked in the References section reports the issue fixed in OpenCTI 6.3.0; upgrade affected instances (Citeum OpenCTI < 6.3.0) to 6.3.0 or later. Until then, treat support packages generated on an affected instance as readable by any authenticated user.