HIGH 7.5

PYSEC-2022-43186

Details

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pycti

Introduced in: 0 Fixed in: 5.3.0

Fix pip install --upgrade 'pycti>=5.3.0'

References

https://github.com/OpenCTI-Platform/opencti/releases [ADVISORY]
https://www.enisa.europa.eu/topics/threat-risk-management/vulnerability-disclosure [ADVISORY]