PT-2024-31785 · Opencti · Opencti

Yusukejustinnakajima · Published 2024-12-26 · Updated 2024-12-27 · CVE-2024-45805

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.3.0
Description: The issue arises from inadequate access control on support information: general users can retrieve data intended only for users with admin and support privileges. A general user can obtain the support package UUID through an attached query, such as a logs query, and then use it to download the sensitive archive from the endpoint http:///storage/get/support/UUID/UUID.zip.
Recommendations: For versions prior to 6.3.0, update to version 6.3.0, which resolves the issue. As a temporary workaround, restrict access to the support information endpoint or limit the availability of the UUID to prevent unauthorized access.
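As an added illustration (not code from the advisory or from OpenCTI), the following Python snippet scans access-log lines for support package downloads made by users who do not hold the admin/support privilege, which is the access pattern this advisory describes. The log line shape, the user names and the privileged-user set are constructed assumptions.

```python
import re

# Path shape named in the advisory: /storage/get/support/<UUID>/<UUID>.zip
UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
SUPPORT_PATH = re.compile(rf"^/storage/get/support/({UUID})/({UUID})\.zip$", re.I)

# Assumed log line shape (constructed for this example, not OpenCTI's format):
#   <timestamp> <user> <status> <method> <path>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<status>\d{3})\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)$"
)

# Constructed set of accounts that legitimately hold the admin/support privilege.
PRIVILEGED_USERS = {"admin", "support-bob"}


def support_downloads_by_unprivileged(lines, privileged):
    """Return support package requests issued by users outside `privileged`.

    A finding with served=True means the archive was actually returned (HTTP 200),
    i.e. the missing access check was exercised; served=False means the request
    was refused, which is the expected outcome once access is restricted.
    """
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        p = SUPPORT_PATH.match(m["path"])
        if not p or m["user"] in privileged:
            continue
        findings.append({
            "ts": m["ts"],
            "user": m["user"],
            "package": p.group(1),
            "status": int(m["status"]),
            "served": m["status"] == "200",
        })
    return findings


# Constructed sample log; UUIDs are placeholders, not real package identifiers.
SAMPLE_LOG = [
    "2024-12-26T10:00:01Z admin 200 GET /storage/get/support/3f2504e0-4f89-11d3-9a0c-0305e82c3301/3f2504e0-4f89-11d3-9a0c-0305e82c3301.zip",
    "2024-12-26T10:02:13Z alice 200 GET /storage/get/support/3f2504e0-4f89-11d3-9a0c-0305e82c3301/3f2504e0-4f89-11d3-9a0c-0305e82c3301.zip",
    "2024-12-26T10:03:44Z alice 200 POST /graphql",
    "2024-12-26T10:05:09Z carol 403 GET /storage/get/support/9b2e1c4a-7d6f-4e3b-8a1c-2f5d6e7a8b9c/9b2e1c4a-7d6f-4e3b-8a1c-2f5d6e7a8b9c.zip",
    "malformed line",
]


def scan_sample():
    return support_downloads_by_unprivileged(SAMPLE_LOG, PRIVILEGED_USERS)
```

On an instance still running a version before 6.3.0, a served=True finding indicates that a general user retrieved a support package; after restricting the endpoint, only served=False findings should remain.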

Weakness Enumeration: Information Disclosure; Improper Authorization

Related Identifiers: CVE-2024-45805, GHSA-42MM-C8X3-G5Q6, PYSEC-2024-298

Affected Products: Opencti