CVE-2017-18376
Published: Jun 2, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/TheHive-Project/TheHive/issues/408
x_refsource_MISC
https://github.com/TheHive-Project/TheHive/releases/tag/3.3.1
x_refsource_MISC
https://gist.github.com/RaJiska/c1b4521aefd77ed43b06045ca05e2591
x_refsource_MISC