CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

11 Sep 2023 — An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. • https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-001%3A%20Authentication%20bypass%20due%20to%20incomplete%20checks%20in%20the%20Active%20Directory%20authentication%20module.md • CWE-287: Improper Authentication

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

19 Dec 2022 — Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to u... • https://cortexmetrics.io/docs/api/#set-alertmanager-configuration • CWE-73: External Control of File Name or Path • CWE-184: Incomplete List of Disallowed Inputs • CWE-641: Improper Restriction of Names for Files and Other Resources

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Dec 2018 — An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method. • https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md