CVE-2022-30290

Name of the Vulnerable Software and Affected Versions OpenCTI versions 5.2.4 and earlier

Description A broken access control issue has been identified in the profile endpoint. This allows an attacker to change their registered e-mail address and API key, despite this action not being possible through the legitimate interface.

Recommendations For versions 5.2.4 and earlier, as a temporary workaround, consider restricting access to the profile endpoint until a patch is available. Avoid using the profile endpoint to update e-mail addresses or API keys until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.