Date: 25 January, 2024
Version: 1.1
Last update: Initial advisory
Severity: Medium
Risks: Session hijacking / Privilege escalation
CVE: CVE-2024-22877
A vulnerability has been detected in the reporting module of TheHive. When exploited, it allows an attacker to impersonate any user account, including accounts with administrative privileges. Exploitation requires an authenticated user account.
This vulnerability is categorized as a stored Cross-Site Scripting (XSS) issue. Stored XSS vulnerabilities enable an attacker to embed malicious JavaScript or HTML code into a trusted web application. In this instance, the vulnerability is present within the case reporting functionality of TheHive. Malicious JavaScript code can be inserted into a report template or its variables, which, when executed, impacts the integrity of the application. Such execution can lead to unauthorized actions being performed on the application, including modification of user permissions.
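The following added example is not TheHive's code (the advisory does not describe TheHive's template engine); it uses a hypothetical placeholder renderer to show the defect class behind this advisory: case variables copied verbatim into an HTML report beside the escaped form, plus a smoke check suitable for regression tests.

```python
"""Hypothetical report-template renderer illustrating the defect class in this
advisory and its fix. Not TheHive code; the {{name}} placeholder syntax and the
sample data below are constructed for this example."""
import html
import re

# Placeholders look like {{name}} (constructed format, not TheHive's syntax).
_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")


def render_unsafe(template: str, variables: dict[str, str]) -> str:
    """Vulnerable form: variable values are copied into the HTML report
    verbatim, so markup stored in a case field becomes part of the page and
    runs in the browser of whoever views the report (stored XSS)."""
    return _PLACEHOLDER.sub(lambda m: variables.get(m.group(1), ""), template)


def render_safe(template: str, variables: dict[str, str]) -> str:
    """Hardened form: every variable value is HTML-escaped at output time, so
    markup in a case field is displayed as text instead of executed.
    Note: this protects the variables only; the template text itself must
    still come from a trusted role, since escaping cannot fix a template
    that is itself attacker-authored."""
    return _PLACEHOLDER.sub(
        lambda m: html.escape(variables.get(m.group(1), ""), quote=True),
        template,
    )


def contains_script_element(rendered: str) -> bool:
    """Smoke check for a regression test: true if the rendered report still
    contains an unescaped <script> element. A heuristic for tests only,
    not a substitute for output escaping."""
    return re.search(r"<script\b", rendered, re.IGNORECASE) is not None


# Constructed sample: a case title that carries markup.
SAMPLE_TEMPLATE = "<h1>Case report: {{title}}</h1><p>Severity: {{severity}}</p>"
SAMPLE_VARS = {"title": "Phishing <script>alert(1)</script>", "severity": "3"}

if __name__ == "__main__":
    print("unsafe:", render_unsafe(SAMPLE_TEMPLATE, SAMPLE_VARS))
    print("safe:  ", render_safe(SAMPLE_TEMPLATE, SAMPLE_VARS))
```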
Affected Versions:
- TheHive versions 5.2.0 to 5.2.8
Immediate update to TheHive version 5.2.9 or higher is strongly advised to remediate this vulnerability.
We extend our gratitude to Randorisec for their meticulous penetration testing services. Their expertise has significantly contributed to strengthening our cybersecurity measures.
For further inquiries or assistance regarding this security notice:
- Existing customers are encouraged to contact our support service.
- Others may reach out via email at security@strangebee.com.