2 matches found
CVE-2022-30290
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through...
CVE-2022-30290
CVE-2022-30290 affects OpenCTI up to version 5.2.4, where a broken access control issue in the profile endpoint lets an attacker change their registered email and API key despite these actions not being possible through the legitimate interface. Affected component: profile endpoint in OpenCTI. Ro...