CVE-2018-20226 Information

Jun 07, 2022 cve

Description

An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/TheHive-Project/Cortex/issues/158 https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.2

Share on: