Lucene search

StrangebeeThehive

8 matches found

CVE
added 2025/05/23 8:15 p.m. | 83 views

CVE-2025-48739

A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct r...

CVSS: 4.6 | AI score: 6.3 | EPSS: 0.00135

CVE
added 2025/05/23 8:15 p.m. | 67 views

CVE-2025-48741

A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the user's permissions, through a specific API end...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.00041

CVE
added 2025/05/23 8:15 p.m. | 48 views

CVE-2025-48738

An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage exh...

CVSS: 6.9 | AI score: 7 | EPSS: 0.00149

CVE
added 2025/05/23 8:15 p.m. | 41 views

CVE-2025-48740

A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic auth...

CVSS: 5.9 | AI score: 6.9 | EPSS: 0.00053

CVE
added 2019/06/02 8:29 p.m. | 38 views

CVE-2017-18376

An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00488

CVE
added 2023/09/11 11:15 p.m. | 26 views

CVE-2023-39069

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via the Active Directory authentication mechanism.

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.00937

CVE
added 2024/01/19 2:15 p.m. | 25 views

CVE-2024-22877

StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML ...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00193

CVE
added 2024/01/19 2:15 p.m. | 20 views

CVE-2024-22876

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL....

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00184