CVE-2023-39069

2023-09-1100:00:00

mitre

www.cve.org

strangebee thehive

cortex

privilege escalation

active directory

authentication

cve-2023-39069

9.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.0%

JSON

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.

References

github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-001%3A%20Authentication%20bypass%20due%20to%20incomplete%20checks%20in%20the%20Active%20Directory%20authentication%20module.md