Description
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGE_KNUPDATE permission to bypass Confidence Level validation and Object Marking restrictions by injecting the synchronized-upsert: true HTTP header, enabling attackers to downgrade confidence levels, remove security markings such as TLP:RED, manipulate relationships, and affect STIX object types including Indicators, ThreatActors, Malware, and Reports. This issue is fixed in version 7.260326.0.
Problem types
CWE-639: Authorization Bypass Through User-Controlled Key
CWE-863: Incorrect Authorization
Product status
References
github.com/...pencti/security/advisories/GHSA-36fr-4m54-94mj
github.com/OpenCTI-Platform/opencti/pull/14243
github.com/...ommit/134531ddf5ecf741006b7f0870b7c36711b96540
github.com/OpenCTI-Platform/opencti/releases/tag/7.260326.0