📦 OpenCTI
by Citeum
⚠️ Known Vulnerabilities
OpenCTI versions before 6.4.11 contain a critical vulnerability where users with 'manage customizations' capability can execute arbitrary commands on the underlying infrastructure via webhook misuse. ...
CVE-2020-37041 is a directory traversal vulnerability in OpenCTI 3.3.1 that allows unauthenticated attackers to read arbitrary files from the server filesystem. Attackers can exploit this by sending c...
This vulnerability allows attackers to delete other users' workspaces in OpenCTI by exploiting an authorization flaw in the GraphQL mutation 'WorkspacePopoverDeletionMutation'. Any OpenCTI instance ru...
This vulnerability in OpenCTI allows authenticated users with low privileges to escalate their permissions to administrative level through the profile edit functionality. Organizations using vulnerabl...
OpenCTI versions before 6.8.3 contain an open redirect vulnerability in the SAML authentication callback endpoint. Attackers can manipulate the RelayState parameter to redirect users to malicious exte...
OpenCTI versions 6.4.8 through 6.4.9 contain an authorization bypass vulnerability that allows authenticated users to modify restricted user attributes. Attackers can toggle external user flags, chang...