OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external
flag on/off and change the own token value for a user. It is also possible to edit attributes that are not in the allow list, such as otp_qr
and otp_activated
. If external users exist in the OpenCTI setup and the information about these users identities is sensitive, the above vulnerabilities can be used to enumerate existing user accounts as a standard low privileged user. This issue has been patched in version 6.4.10.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Opencti | Citeum | 6.4.8 (excluding) | 6.4.10 (including) |
Access control involves the use of several protection mechanisms such as:
When any mechanism is not applied or otherwise fails, attackers can compromise the security of the product by gaining privileges, reading sensitive information, executing commands, evading detection, etc. There are two distinct behaviors that can introduce access control weaknesses: