cve-2024-37155
Vulnerability from cvelistv5
Published
2024-11-18 15:06
Modified
2024-11-18 21:38
Severity ?
EPSS score ?
Summary
OpenCTI May Bypass Introspection Restriction
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| OpenCTI-Platform | opencti |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:opencti-platform:opencti:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "opencti",
"vendor": "opencti-platform",
"versions": [
{
"lessThan": "6.1.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37155",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-18T21:37:35.921188Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T21:38:54.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "opencti",
"vendor": "OpenCTI-Platform",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. GraphQL Queries in OpenCTI can be validated using the `secureIntrospectionPlugin`. The regex check in the plkugin can be bypassed by removing the carriage return and line feed characters (`\\r\\n`). Running a curl command against a local instance of OpenCTI will result in a limited error message. By running the same Introspection query without the `\\r\\n` characters, the unauthenticated user is able to successfully run a full Introspection query. Bypassing this restriction allows the attacker to gather a wealth of information about the GraphQL endpoint functionality that can be used to perform actions and/or read data without authorization. These queries can also be weaponized to conduct a Denial of Service (DoS) attack if sent repeatedly. Users should upgrade to version 6.1.9 to receive a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-18T15:06:32.886Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-4mvw-j8r9-xcgc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-4mvw-j8r9-xcgc"
},
{
"name": "https://github.com/OpenCTI-Platform/opencti/commit/f87d96918c63b0c3d3ebfbea6c789d48e2f56ad5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenCTI-Platform/opencti/commit/f87d96918c63b0c3d3ebfbea6c789d48e2f56ad5"
},
{
"name": "https://github.com/OpenCTI-Platform/opencti/blob/6343b82b0b0a5d3ded3b30d08ce282328a556268/opencti-platform/opencti-graphql/src/graphql/graphql.js#L83-L94",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OpenCTI-Platform/opencti/blob/6343b82b0b0a5d3ded3b30d08ce282328a556268/opencti-platform/opencti-graphql/src/graphql/graphql.js#L83-L94"
}
],
"source": {
"advisory": "GHSA-4mvw-j8r9-xcgc",
"discovery": "UNKNOWN"
},
"title": "OpenCTI May Bypass Introspection Restriction"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37155",
"datePublished": "2024-11-18T15:06:32.886Z",
"dateReserved": "2024-06-03T17:29:38.328Z",
"dateUpdated": "2024-11-18T21:38:54.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-37155\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-11-18T15:15:06.210\",\"lastModified\":\"2024-11-18T17:11:17.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. GraphQL Queries in OpenCTI can be validated using the `secureIntrospectionPlugin`. The regex check in the plkugin can be bypassed by removing the carriage return and line feed characters (`\\\\r\\\\n`). Running a curl command against a local instance of OpenCTI will result in a limited error message. By running the same Introspection query without the `\\\\r\\\\n` characters, the unauthenticated user is able to successfully run a full Introspection query. Bypassing this restriction allows the attacker to gather a wealth of information about the GraphQL endpoint functionality that can be used to perform actions and/or read data without authorization. These queries can also be weaponized to conduct a Denial of Service (DoS) attack if sent repeatedly. Users should upgrade to version 6.1.9 to receive a patch for the issue.\"},{\"lang\":\"es\",\"value\":\"OpenCTI es una plataforma de c\u00f3digo abierto que permite a las organizaciones gestionar su conocimiento y observables de inteligencia sobre amenazas cibern\u00e9ticas. Antes de la versi\u00f3n 6.1.9, la validaci\u00f3n de expresiones regulares utilizada para evitar las consultas de introspecci\u00f3n se puede omitir eliminando los espacios en blanco adicionales, los retornos de carro y los caracteres de avance de l\u00ednea de la consulta. Las consultas GraphQL en OpenCTI se pueden validar utilizando `secureIntrospectionPlugin`. La comprobaci\u00f3n de expresiones regulares en plkugin se puede omitir eliminando los caracteres de retorno de carro y avance de l\u00ednea (`\\\\r\\\\n`). La ejecuci\u00f3n de un comando curl contra una instancia local de OpenCTI dar\u00e1 como resultado un mensaje de error limitado. Al ejecutar la misma consulta de introspecci\u00f3n sin los caracteres `\\\\r\\\\n`, el usuario no autenticado puede ejecutar con \u00e9xito una consulta de introspecci\u00f3n completa. Omitir esta restricci\u00f3n permite al atacante recopilar una gran cantidad de informaci\u00f3n sobre la funcionalidad del punto final de GraphQL que se puede utilizar para realizar acciones o leer datos sin autorizaci\u00f3n. Estas consultas tambi\u00e9n pueden utilizarse como arma para llevar a cabo un ataque de denegaci\u00f3n de servicio (DoS) si se env\u00edan repetidamente. Los usuarios deben actualizar a la versi\u00f3n 6.1.9 para recibir un parche para solucionar el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"references\":[{\"url\":\"https://github.com/OpenCTI-Platform/opencti/blob/6343b82b0b0a5d3ded3b30d08ce282328a556268/opencti-platform/opencti-graphql/src/graphql/graphql.js#L83-L94\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenCTI-Platform/opencti/commit/f87d96918c63b0c3d3ebfbea6c789d48e2f56ad5\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-4mvw-j8r9-xcgc\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.