Broken Access Control Vulnerability in OpenCTI Profile Endpoint

Broken Access Control Vulnerability in OpenCTI Profile Endpoint

CVE-2022-30290 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.

Learn more about our Api Penetration Testing.