Itlabbet

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.5.2 Description: The issue affects an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the capability to manage customizations can edit a webhook that will execute JavaScript code. This can be abused to cause a denial of service attack by prototype pollution, making the Node.js server running the OpenCTI frontend become unavailable. Recommendations: For versions prior to 6.5.2, update to version 6.5.2 to resolve the issue. As a temporary workaround, consider restricting the capability to manage customizations to prevent unauthorized users from editing webhooks.

**Name of the Vulnerable Software and Affected Versions** OpenCTI versions prior to 6.4.11 **Description** OpenCTI is an open cyber threat intelligence (CTI) platform. Prior to version 6.4.11, any user with the capability `manage customizations` can execute commands on the underlying infrastructure where OpenCTI is hosted and can access internal server-side secrets by misusing the web-hooks. Since the malicious user gets a root shell inside a container, this opens up the infrastructure environment for further attacks and exposures. Over 3,200 services are potentially affected. **Recommendations** Update to version 6.4.11 to fix the issue. Check webhook settings and restrict access to only trusted sources. Analyze event logs for suspicious activity. As a temporary workaround, consider restricting access to the `manage customizations` capability until the update is applied.

**Name of the Vulnerable Software and Affected Versions** OpenCTI versions 6.4.8 through 6.4.9 **Description** The issue allows a user to bypass allow/deny lists and modify attributes that are intended to be unmodifiable. This includes toggling the `external` flag on/off, changing the own token value for a user, and editing attributes not in the allow list, such as `otp qr` and `otp activated`. If external users exist in the OpenCTI setup with sensitive identity information, this can be used to enumerate existing user accounts as a standard low-privileged user. **Recommendations** For OpenCTI versions 6.4.8 through 6.4.9, update to version 6.4.10 to resolve the issue. As a temporary workaround, consider restricting access to the `external` flag and token value modification functionality until the update is applied. Additionally, limit editing capabilities for attributes not in the allow list, such as `otp qr` and `otp activated`, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PyMdown Extensions versions prior to 10.0 **Description** The issue allows for an arbitrary file read when using include file syntax. By using the syntax `--8<--"/etc/passwd"` or `--8<--"/proc/self/environ"`, the content of these files will be rendered in the generated documentation. A path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base paths, such as `--8<-- "../../../../etc/passwd"`. Within the Snippets extension, there exists a `base path` option but the implementation is vulnerable to Directory Traversal. The vulnerable section exists in `get snippet path(self, path)` lines 155 to 174 in snippets.py. Any readable file on the host where the plugin is executing may have its content exposed, impacting any use of Snippets that exposes the use of Snippets to external users. **Recommendations** For versions prior to 10.0, upgrade to version 10.0 to resolve the issue. As a temporary workaround for users unable to upgrade, restrict relative paths by filtering input.