Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCTI Authenticated Privilege Escalation
Vulnerability Description
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
OpenCTI 安全漏洞
Vulnerability Description
OpenCTI是OpenCTI的开放网络威胁情报平台。 OpenCTI 5.12.31及之前版本存在安全漏洞,该漏洞源于配置文件编辑功能缺乏某些安全控制,允许经过身份验证的低权限攻击者获得Web应用程序的管理权限。
CVSS Information
N/A
Vulnerability Type
N/A