CVE-2024-26139: OpenCTI Authenticated Privilege Escalation
First published: Thu May 23 2024(Updated: )
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenCTI |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-26139?
CVE-2024-26139 is classified as a medium-severity vulnerability due to the potential for authenticated attackers to escalate their privileges.
How do I fix CVE-2024-26139?
To fix CVE-2024-26139, ensure that proper security controls are implemented on the profile edit functionality in OpenCTI.
Who is affected by CVE-2024-26139?
CVE-2024-26139 affects all versions of OpenCTI where the profile edit functionality lacks appropriate security measures.
What type of attack can be executed using CVE-2024-26139?
An authenticated attacker with low privileges can exploit CVE-2024-26139 to gain administrative privileges in OpenCTI.
When was CVE-2024-26139 disclosed?
CVE-2024-26139 was disclosed recently, highlighting a critical security oversight in the OpenCTI platform.
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/opencti
- canonical/opencti