Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenCTI leaks support information due to inadequate access control
Vulnerability Description
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
OpenCTI 授权问题漏洞
Vulnerability Description
OpenCTI是OpenCTI开源的一个开放网络威胁情报平台。 OpenCTI 6.2.18及之前版本存在授权问题漏洞,该漏洞源于对支持信息不足的访问控制,使得普通用户能够访问仅限于具有管理员和支持信息访问权限的用户才能访问的信息。
CVSS Information
N/A
Vulnerability Type
N/A