CVE-2024-45805

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-45805

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45805.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-45805

Aliases

GHSA-42mm-c8x3-g5q6

Published

2024-12-26T21:34:48.751Z

Modified

2026-05-10T03:52:35.860657Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

OpenCTI leaks support information due to inadequate access control

Details

OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45805.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-200",
        "CWE-285"
    ]
}

References

Affected packages

Git / github.com/opencti-platform/opencti

Affected ranges

Type

GIT

Repo

https://github.com/opencti-platform/opencti

Events

Introduced

Fixed

558e6c1c35cd1dcfeea937e050e185d69a10e322

Database specific

{
    "cpe": "cpe:2.3:a:citeum:opencti:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "6.3.0"
        }
    ]
}

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.1.0

1.1.2

2.*

2.0.1

2.0.2

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.2.0

3.2.2

3.3.0

3.3.1

3.3.2

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.1.0

4.1.1

4.1.2

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.4.0

4.4.1

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.10.0

5.10.1

5.10.2

5.10.3

5.11.0

5.11.1

5.11.10

5.11.11

5.11.12

5.11.13

5.11.2

5.11.3

5.11.4

5.11.5

5.11.6

5.11.7

5.11.8

5.11.9

5.12.0

5.12.1

5.12.10

5.12.11

5.12.12

5.12.13

5.12.14

5.12.15

5.12.16

5.12.17

5.12.18

5.12.19

5.12.2

5.12.20

5.12.21

5.12.22

5.12.23

5.12.24

5.12.25

5.12.26

5.12.27

5.12.3

5.12.4

5.12.5

5.12.6

5.12.7

5.12.8

5.12.9

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.3.0

5.3.1

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.17

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.4.0

5.4.1

5.5.0

5.5.1

5.5.2

5.5.3

5.5.4

5.6.0

5.6.1

5.6.2

5.7.0

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.9.0

5.9.1

5.9.2

5.9.3

5.9.4

5.9.5

5.9.6

6.*

6.0.0

6.0.10

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.1.0

6.1.1

6.1.10

6.1.12

6.1.2

6.1.3

6.1.4

6.1.5

6.1.6

6.1.7

6.1.8

6.1.9

6.2.0

6.2.1

6.2.10

6.2.11

6.2.12

6.2.13

6.2.14

6.2.2

6.2.3

6.2.4

6.2.5

6.2.6

6.2.7

6.2.8

6.2.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45805.json"