PT-2024-19594 · Strangebee · Thehive
Published 2024-01-19 · Updated 2025-06-09 · CVE-2024-22876
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
StrangeBee TheHive versions 5.1.0 through 5.1.9
StrangeBee TheHive versions 5.2.0 through 5.2.8
Description
The issue is a cross-site scripting (XSS) vulnerability in the case attachment functionality. A low-privileged authenticated user (PR:L in the vector above) can upload a malicious HTML file containing JavaScript as a case attachment; when the file is retrieved through a specific URL, the browser renders it in the context of the TheHive application and executes the script. The vulnerability can be used to coerce a victim account into performing actions in the application on the attacker's behalf, for example promoting the attacker's analyst account to administrator.
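As an added example (not TheHive's code and not the vendor's fix), the following Python classifies whether a file-download response would be rendered inline in the application's origin, which is the condition that turns an uploaded HTML file into stored XSS of the kind described above. The header names are standard HTTP; the sample responses are constructed for illustration, and the sniffing routine is a simplified subset of the browser MIME Sniffing Standard.

```python
"""Added example (not TheHive's code): classify whether a file-download
response would let a browser render attacker-supplied HTML inline, so any
script inside it runs in the application's origin. This is the generic
stored-XSS-via-attachment pattern; header names are standard HTTP, and every
sample response below is constructed for illustration."""
from dataclasses import dataclass

# MIME types a browser parses as a scriptable document.
RENDERABLE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml",
}

# Subset of the leading-tag patterns the MIME Sniffing Standard maps to
# text/html when no Content-Type is supplied (case-insensitive; the tag must
# be followed by whitespace or '>').
_HTML_TAGS = (b"<!doctype html", b"<html", b"<head", b"<script", b"<iframe",
              b"<body", b"<div", b"<title", b"<style", b"<!--")


def looks_like_html(body_prefix: bytes) -> bool:
    """Simplified content sniff over the first bytes of a body."""
    data = body_prefix.lstrip(b" \t\r\n\x0c").lower()
    for tag in _HTML_TAGS:
        if data.startswith(tag):
            nxt = data[len(tag):len(tag) + 1]
            if tag == b"<!--" or nxt in (b">", b" ", b"\t", b"\r", b"\n", b""):
                return True
    return False


def _csp_sandboxed(csp: str) -> bool:
    """True if a CSP 'sandbox' directive is present without allow-same-origin,
    i.e. the document gets an opaque origin and cannot act as the victim."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "sandbox":
            return "allow-same-origin" not in (t.lower() for t in tokens[1:])
    return False


@dataclass
class Verdict:
    renders_inline: bool
    reason: str


def evaluate_download_response(headers: dict, body_prefix: bytes) -> Verdict:
    """Decide whether the response is rendered as a document in the serving origin."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    disposition = h.get("content-disposition", "").lower()
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    nosniff = h.get("x-content-type-options", "").lower() == "nosniff"

    if disposition.startswith("attachment"):
        return Verdict(False, "Content-Disposition: attachment forces a download")
    if _csp_sandboxed(h.get("content-security-policy", "")):
        return Verdict(False, "CSP sandbox gives the document an opaque origin")
    if ctype in RENDERABLE_TYPES:
        return Verdict(True, f"served inline as {ctype}; embedded script runs in the app origin")
    if ctype == "" and looks_like_html(body_prefix):
        return Verdict(True, "no Content-Type; the browser sniffs the body as HTML")
    hint = "" if nosniff else " (still add X-Content-Type-Options: nosniff)"
    return Verdict(False, f"{ctype or 'untyped'} body is not rendered as a document{hint}")


# Constructed sample responses for the same uploaded file (an HTML page carrying
# a script); none are captured from a real server.
PAYLOAD = b"<html><body><script>/* attacker-controlled script */</script></body></html>"
WEAK_RESPONSE = ({"Content-Type": "text/html; charset=utf-8"}, PAYLOAD)
SNIFFED_RESPONSE = ({}, b"  <!DOCTYPE html>" + PAYLOAD)
SANDBOXED_RESPONSE = (
    {"Content-Type": "text/html", "Content-Security-Policy": "sandbox"}, PAYLOAD)
HARDENED_RESPONSE = (
    {"Content-Type": "application/octet-stream",
     "Content-Disposition": 'attachment; filename="evidence.html"',
     "X-Content-Type-Options": "nosniff"},
    PAYLOAD,
)

if __name__ == "__main__":
    for name, (hdrs, body) in [("weak", WEAK_RESPONSE), ("sniffed", SNIFFED_RESPONSE),
                               ("sandboxed", SANDBOXED_RESPONSE), ("hardened", HARDENED_RESPONSE)]:
        v = evaluate_download_response(hdrs, body)
        print(f"{name:10} renders_inline={v.renders_inline}  {v.reason}")
```

To use it against a real download endpoint, capture the response headers and the first few hundred bytes of the body and pass them in; `renders_inline=True` for a file that a low-privileged user can upload reproduces the class of issue described above. `Content-Disposition: attachment` is the decisive control; an explicit non-document Content-Type plus `X-Content-Type-Options: nosniff` is defence in depth, and a CSP `sandbox` without `allow-same-origin` contains the script even if the file is rendered.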
Recommendations
For StrangeBee TheHive versions 5.1.0 through 5.1.9 and 5.2.0 through 5.2.8, consider disabling the case attachment functionality until a patch is available.
As a temporary workaround, restrict access to the case attachment functionality to the smallest set of users who need it, to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Thehive