Summary
A bug in the OpenCTI platform introduces a lack of security controls in the user profile update feature, allowing an authenticated user with low privileges to gain administrative privileges within the web application.
Details
In the GraphQL mutation used to edit a user's own profile, the API allows an authenticated user to update fields such as language, first name and last name. The application does not sufficiently check which fields may be updated through this endpoint, so unwanted or forbidden modifications can be executed.
This issue affects both the Standard and Enterprise version of the application.
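The class of defect described above is a mass-assignment problem: the server applies every field the client sends instead of restricting edits to the fields a user may change on their own profile. The following is an added illustration, not OpenCTI code: the field names `language`, `firstname` and `lastname` come from the advisory, while the privilege-bearing field `roles` and the flat object input shape are assumptions.

```javascript
// Added example (not OpenCTI code): allowlisting self-service profile edits.
// "language", "firstname", "lastname" come from the advisory; the
// privilege-bearing "roles" field and the input shape are assumptions.

// Fields a user is permitted to change on their own profile.
const SELF_EDITABLE_FIELDS = new Set(['language', 'firstname', 'lastname']);

// Vulnerable pattern: every key in the client-supplied edit is written as-is,
// so a key the schema exposes but the user should not control is applied too.
function applyProfileEditUnsafe(user, edits) {
  return { ...user, ...edits };
}

// Returns the keys of an edit that are outside the allowlist (empty if none).
// Useful both for enforcement and for logging/alerting on rejected attempts.
function forbiddenFields(edits) {
  return Object.keys(edits).filter((key) => !SELF_EDITABLE_FIELDS.has(key));
}

// Hardened pattern: reject the whole edit (rather than silently dropping keys)
// when it touches anything outside the allowlist, so the attempt is visible.
function applyProfileEditSafe(user, edits) {
  const forbidden = forbiddenFields(edits);
  if (forbidden.length > 0) {
    throw new Error(`profile edit rejected, forbidden fields: ${forbidden.join(', ')}`);
  }
  return { ...user, ...edits };
}

// Constructed sample data: a low-privilege user record.
const sampleUser = { id: 'u1', firstname: 'Ada', lastname: 'L', language: 'en', roles: ['user'] };
```

Server-side, the authoritative user record and its privilege fields should only ever be changed by a separate, admin-only mutation; the allowlist above is what keeps the self-service path from reaching them.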
Impact
By exploiting this vulnerability, an authenticated attacker with low privileges can gain administrative privileges on the web application, resulting in a total compromise of integrity and confidentiality.
Acknowledgement
Filigran would like to thank the reporter (walterone) for his security review.