Thehive Project

thehive-project

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-7652 1Thehive Project 1Cortex Analyzers Nov 21, 2024 May 9, 2019 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF...Show more TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.Show less
CVE-2018-20226 1Thehive Project 1Cortex Nov 21, 2024 Dec 21, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2019-7652

1Thehive Project

1Cortex Analyzers

Nov 21, 2024

May 9, 2019

N/A· v4

7.7 HIGH· v3

4.0 MEDIUM· v2

TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.Show less

CVE-2018-20226

1Thehive Project

1Cortex

Nov 21, 2024

Dec 21, 2018

N/A· v4

7.2 HIGH· v3

6.5 MEDIUM· v2

An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.