An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
References
| Link | Resource |
|---|---|
| https://gist.github.com/RaJiska/c1b4521aefd77ed43b06045ca05e2591 | |
| https://github.com/TheHive-Project/TheHive/issues/408 | Patch Third Party Advisory |
| https://github.com/TheHive-Project/TheHive/releases/tag/3.3.1 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-06-02T19:12:55
Updated: 2019-06-24T20:49:02
Reserved: 2019-06-02T00:00:00
Link: CVE-2017-18376
NVD Information
Status: Modified
Published: 2019-06-02T20:29:00.230
Modified: 2023-09-15T17:27:54.360
Link: CVE-2017-18376