Strangebee: >> Thehive >> 2.13.0 Security Vulnerabilities
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.
CVSS Score
9.8
EPSS Score
0.009
Published
2023-09-11
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
CVSS Score
8.8
EPSS Score
0.005
Published
2019-06-02