TheHive · TheHive · CVE-2017-18376
**Name of the Vulnerable Software and Affected Versions**
TheHive versions prior to 2.13.4
TheHive versions 3.x prior to 3.3.1
**Description**
An improper authorization check in the User API allows users with read-only or read/write access to escalate their privileges to those of an administrator. The issue is in the `app/controllers/UserCtrl.scala` file.
**Recommendations**
For versions prior to 2.13.4, update to version 2.13.4 or later.
For versions 3.x prior to 3.3.1, update to version 3.3.1 or later.
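The version ranges above can be checked against a deployment inventory with a short script. The following is an added example, not code from the advisory or from the TheHive project; the host names and inventory lines are constructed, and the treatment of version suffixes (a suffix starting with a letter is a pre-release, a numeric suffix is a package revision) is an assumption.

```python
import re

# Fixed releases stated in the advisory.
FIXED_2X = (2, 13, 4)  # every release below this is affected
FIXED_3X = (3, 3, 1)   # 3.x releases below this are affected


def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:-(.+))?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    core = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    suffix = m.group(4) or ""
    # Assumption: "RC1"/"SNAPSHOT" style suffixes precede the release itself,
    # while a numeric suffix such as "-1" is only a package revision.
    return core, suffix[:1].isalpha()


def assess(version):
    """Return the fixed release to upgrade to, or None if not in an affected range."""
    core, prerelease = parse_version(version)
    if core[0] < 3:
        fixed = FIXED_2X
    elif core[0] == 3:
        fixed = FIXED_3X
    else:
        return None  # the advisory lists no affected range beyond 3.x
    if core < fixed or (core == fixed and prerelease):
        return ".".join(map(str, fixed))
    return None


# Constructed inventory: "<host> <installed TheHive version>" per line.
SAMPLE_INVENTORY = """\
soc-hive-01 2.13.3
soc-hive-02 2.13.4
dfir-hive 3.3.0-RC5
lab-hive 3.3.1-1
"""


def triage(inventory):
    """Map each host to the release it must reach, or None if already fixed."""
    return {host: assess(ver) for host, ver in
            (line.split() for line in inventory.splitlines() if line.strip())}


if __name__ == "__main__":
    for host, fixed in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {'upgrade to ' + fixed + ' or later' if fixed else 'not affected'}")
```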