CVE-2023-39069

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:strangebee:cortex:*:*:*:*:*:*:*:*
cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*
cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*
cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*

History

15 Sep 2023, 17:17

Type Values Removed Values Added
References (MISC) https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-001%3A%20Authentication%20bypass%20due%20to%20incomplete%20checks%20in%20the%20Active%20Directory%20authentication%20module.md - (MISC) https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-001%3A%20Authentication%20bypass%20due%20to%20incomplete%20checks%20in%20the%20Active%20Directory%20authentication%20module.md - Vendor Advisory
CPE cpe:2.3:a:strangebee:thehive:*:*:*:*:*:*:*:*
cpe:2.3:a:strangebee:cortex:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Strangebee cortex
Strangebee
Strangebee thehive
CWE CWE-287

11 Sep 2023, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-11 23:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-39069

Mitre link : CVE-2023-39069

CVE.ORG link : CVE-2023-39069


JSON object : View

Products Affected

strangebee

  • thehive
  • cortex
CWE
CWE-287

Improper Authentication