PT-2024-27339 · Opencti · Opencti

R-S0N · Published 2024-11-18 · Updated 2024-11-18 · CVE-2024-37155

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.1.9

Description: The issue allows an attacker to bypass the regex validation used to prevent introspection queries in OpenCTI by removing extra whitespace, carriage return, and line feed characters from the query. This can be done by exploiting the secureIntrospectionPlugin in GraphQL queries. Specifically, the regex check can be bypassed by removing the carriage return and line feed characters (\r\n). This enables an unauthenticated user to run a full introspection query, gathering information about the GraphQL endpoint functionality that can be used to perform unauthorized actions or read data. Additionally, these queries can be used to conduct a Denial of Service (DoS) attack if sent repeatedly.

Recommendations: For versions prior to 6.1.9, upgrade to version 6.1.9 to receive a patch for the issue. As a temporary workaround, consider restricting access to the secureIntrospectionPlugin until the patch is applied. Avoid using the secureIntrospectionPlugin without proper validation to minimize the risk of exploitation.
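The weakness class in the description, shown as an added example that is not OpenCTI's code: a regex that depends on query layout stops matching once whitespace and CR/LF are removed, while a check on name tokens does not. The regex, function names and sample queries are assumptions constructed for illustration.

```javascript
// Hypothetical layout-dependent filter (an assumption, NOT OpenCTI's actual regex):
// it only fires when whitespace separates the introspection field from the braces.
const BRITTLE_RE = /\{\s+__(?:schema|type)\s+[{(]/;

function brittleBlocksIntrospection(query) {
  return BRITTLE_RE.test(query);
}

// Layout-independent check: walk the document token by token. Strings, block
// strings and comments are consumed without being captured; whitespace, CR/LF and
// commas are ignored tokens in GraphQL and are simply skipped between matches.
function nameTokens(query) {
  const lexer = /"""(?:\\"""|[\s\S])*?"""|"(?:\\.|[^"\\\n])*"|#[^\r\n]*|([_A-Za-z][_0-9A-Za-z]*)/g;
  const names = [];
  let m;
  while ((m = lexer.exec(query)) !== null) {
    if (m[1] !== undefined) names.push(m[1]);
  }
  return names;
}

// Names starting with "__" are reserved for introspection, so any __schema or
// __type name token is treated as an introspection request (fails closed).
function usesIntrospection(query) {
  return nameTokens(query).some((n) => n === '__schema' || n === '__type');
}

// Constructed sample queries.
const SAMPLES = {
  formatted: 'query {\r\n  __schema {\r\n    types { name }\r\n  }\r\n}',
  compact: 'query{__schema{types{name}}}',
  benign: 'query { reports(search: "__schema {") { edges { node { id __typename } } } }',
};

for (const [label, q] of Object.entries(SAMPLES)) {
  console.log(label, { brittle: brittleBlocksIntrospection(q), tokenBased: usesIntrospection(q) });
}
```

On a real server the same decision belongs on the parsed document, for example graphql-js's `NoSchemaIntrospectionCustomRule` validation rule, rather than on the raw query text.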

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-37155
GHSA-4MVW-J8R9-XCGC
PYSEC-2024-313

Affected Products

Opencti