CNNVD-202601-1183 Information
CNNVD ID
CNNVD-202601-1183
Related CVE
-
CNNVD Published: 2026-01-07
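Description (Chinese, translated)
OpenCTI is an open cyber threat intelligence platform open-sourced by OpenCTI. OpenCTI versions before 6.8.3 contain an input validation error vulnerability, which stems from improper handling of the RelayState parameter in the SAML authentication endpoint and may lead to open redirect attacks.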
Description (English)
OpenCTI is an open cyber threat intelligence platform from the OpenCTI open-source project. Versions of OpenCTI before 6.8.3 have an input validation vulnerability that stems from improper handling of the RelayState parameter at the SAML authentication endpoint, which could lead to an open redirect attack.
Hazard Level
High
Vulnerability Type
Input validation error
Affected Vendor
OpenCTI
Published
2026-01-07
Last Modified
2026-02-24
References
https://github.com/OpenCTI-Platform/opencti/commit/f755165a26888925c4a58018f7238ff92a0bd378
https://github.com/OpenCTI-Platform/opencti/releases/tag/6.8.3
https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-jc3f-c62g-v7qw
Patch
https://github.com/OpenCTI-Platform/opencti/releases