
CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 May 2025 — OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability `manage customizations` can edit webhooks that will execute JavaScript code. This can be abused to cause a denial of service attack by prototype pollution, making the Node.js server running the OpenCTI frontend become unavailable. Version 6.5.2 fixes the issue. • https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-gq63-jm3h-374p • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 May 2025 — OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11, any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server-side secrets by misusing the webhooks. Since the malicious user gets a root shell inside a container, this opens up the infrastructure environment for further attacks and exposures. Version 6.4.11 fixes the issue. • https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Apr 2025 — OpenCTI is an open-source cyber threat intelligence platform. In versions from 6.4.8 up to but not including 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the `external` flag on/off and to change a user's own token value. It is also possible to edit attributes that are not in the allow list, such as `otp_qr` and `otp_activated`. If external users exist in the OpenCTI setup and the information about ... • https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-8262-pw2q-5qc3 • CWE-284: Improper Access Control CWE-657: Violation of Secure Design Principles •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Dec 2024 — OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that should only be accessible to users with the admin and support information privilege (SETTINGS_SUPPORT). This is due to inadequate access control on support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), combined with the UUID being available to general users through an attached query (the logs query). This vulnerability is fixed in 6.3.0. • https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-42mm-c8x3-g5q6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2024 — OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because there is no function to limit the rate of OTP attempts, an attacker with valid credentials or a malicious user committing internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of the time of publication, it is unknown whether a patch is available. • https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-hg56-r6hh-56j7 • CWE-287: Improper Authentication •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Nov 2024 — OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. GraphQL queries in OpenCTI can be validated using the `secureIntrospectionPlugin`. The regex check in the plugin can be bypassed by removing the carriage return and line feed characters (`\r\n`... • https://github.com/OpenCTI-Platform/opencti/blob/6343b82b0b0a5d3ded3b30d08ce282328a556268/opencti-platform/opencti-graphql/src/graphql/graphql.js#L83-L94 • CWE-284: Improper Access Control •

CVSS: 8.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

23 May 2024 — OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application. • https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9 • CWE-284: Improper Access Control CWE-657: Violation of Secure Design Principles •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2022 — In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such an action is not legitimately possible through the interface. • https://github.com/OpenCTI-Platform/opencti/releases •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jul 2022 — A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location. • https://github.com/OpenCTI-Platform/opencti/releases • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •