Home > Vulnerability Database > CVE-2024-45805

Mend.io Vulnerability Database

CVE-2024-45805

Date: December 26, 2024

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0.

Severity Score

4.3

Related Resources (3)

Url: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-42mm-c8x3-g5q6

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45805

Url: https://www.mend.io/vulnerability-database/CVE-2024-45805

Severity Score

4.3

Weakness Type (CWE)

Improper Authorization

CWE-285

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45805

Date: December 26, 2024

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?