PYSEC-2024-296

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2024-296.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2024-296

Aliases

CVE-2024-26139
GHSA-qx4j-f4f2-vjw9

Published

2024-05-23T12:15:09.530Z

Modified

2026-05-20T09:19:13.967252Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Due to lack of certain security controls on the profile edit functionality, an authenticated attacker with low privileges can gain administrative privileges on the web application.

References

https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-qx4j-f4f2-vjw9

Affected packages

PyPI / pycti

Package

Name: pycti; View open source insights on deps.dev
Purl: pkg:pypi/pycti

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.12.32

Affected versions

1.*

1.2.1

1.2.2

1.2.4

1.2.9

1.2.11

1.2.12

1.2.13

1.2.14

1.2.15

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.1.3

2.1.4

2.1.5

2.1.6

2.1.7

2.1.8

2.1.9

2.1.10

2.1.11

2.1.12

2.1.13

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.1.0

3.1.1

3.1.2

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.2.6

3.2.7

3.3.0

3.3.1

3.3.2

3.3.3

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.1.0

4.1.1

4.1.2

4.2.1

4.2.2

4.2.3

4.2.4

4.3.0

4.3.1

4.3.2

4.3.3

4.3.4

4.3.5

4.4.0

4.4.1

4.4.2

4.4.3

4.5.0

4.5.1

4.5.2

4.5.3

4.5.4

4.5.5

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.2.0

5.2.1

5.2.2

5.2.3

5.2.4

5.3.0

5.3.post5310

5.3.post5311

5.3.post5312

5.3.post5314

5.3.post5315

5.3.post5316

5.3.post5317

5.3.post5318

5.3.1

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.17

5.4.0

5.4.1

5.5.0

5.5.post551

5.5.post552

5.5.post553

5.5.post554

5.5.post555

5.5.post556

5.5.1

5.5.2

5.5.3

5.5.4

5.5.5

5.5.6

5.6.0

5.6.post560

5.6.post561

5.6.post562

5.6.1

5.6.2

5.7.0

5.7.post570

5.7.post571

5.7.post572

5.7.post573

5.7.post574

5.7.post575

5.7.post576

5.7.1

5.7.2

5.7.3

5.7.4

5.7.5

5.7.6

5.8.0

5.8.1

5.8.2

5.8.3

5.8.4

5.8.5

5.8.6

5.8.7

5.9.0

5.9.1

5.9.2

5.9.3

5.9.4

5.9.5

5.9.6

5.10.0

5.10.1

5.10.2

5.10.3

5.11.0

5.11.1

5.11.2

5.11.3

5.11.4

5.11.5

5.11.6

5.11.7

5.11.8

5.11.9

5.11.10

5.11.11

5.11.12

5.11.13

5.11.14

5.12.0

5.12.1

5.12.2

5.12.3

5.12.4

5.12.5

5.12.6

5.12.7

5.12.8

5.12.9

5.12.10

5.12.11

5.12.12

5.12.13

5.12.14

5.12.15

5.12.16

5.12.17

5.12.18

5.12.19

5.12.20

5.12.21

5.12.22

5.12.23

5.12.24

5.12.25

5.12.26

5.12.27

5.12.28

5.12.29

5.12.30

5.12.31

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pycti/PYSEC-2024-296.yaml"