{"id":"CVE-2024-45805","summary":"OpenCTI leaks support information due to inadequate access control","details":"OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that is meant to be accessible only to users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://\u003copencti_domain\u003e/storage/get/support/UUID/UUID.zip), combined with the fact that the UUID is available to general users through an attached query (logs query). This vulnerability is fixed in 6.3.0.","aliases":["GHSA-42mm-c8x3-g5q6","PYSEC-2024-298"],"modified":"2026-05-20T08:11:22.453935604Z","published":"2024-12-26T21:34:48.751Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45805.json","cwe_ids":["CWE-200","CWE-285"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45805.json"},{"type":"ADVISORY","url":"https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-42mm-c8x3-g5q6"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45805"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/opencti-platform/opencti","events":[{"introduced":"0"},{"fixed":"558e6c1c35cd1dcfeea937e050e185d69a10e322"}]}],"versions":["6.2.7","6.2.14","6.2.13","6.2.12","6.2.11","6.2.10","6.2.9","6.2.8","6.2.6","6.2.5","6.2.4","6.2.3","6.2.2","6.2.1","6.2.0","6.1.12","6.1.10","6.1.9","6.1.8","6.1.7","6.1.6","6.1.5","6.1.4","6.1.3","6.1.2","6.1.1","6.1.0","6.0.10","6.0.9","6.0.8","6.0.7","6.0.6","6.0.5","6.0.4","6.0.3","6.0.2","6.0.0","5.12.27","5.12.26","5.12.25","5.12.24","5.12.23","5.12.22","5.12.21","5.12.20","5.12.19","5.12.18","5.12.17","5.12.16","5.12.15","5.12.14","5.12.13","5.12.12","5.12.11","5.12.10","5.12.9","5.12.8","5.12.7","5.12.6","5.12.5","5.12.4","5.12.3","5.12.2","5.12.1","5.12.0","
5.11.13","5.11.12","5.11.11","5.11.10","5.11.9","5.11.8","5.11.7","5.11.6","5.11.5","5.11.4","5.11.3","5.11.2","5.11.1","5.11.0","5.10.3","5.10.2","5.10.1","5.10.0","5.9.6","5.9.5","5.9.4","5.9.3","5.9.2","5.9.1","5.9.0","5.8.7","5.8.6","5.8.5","5.8.4","5.8.3","5.8.2","5.8.1","5.8.0","5.7.6","5.7.5","5.7.4","5.7.3","5.7.2","5.7.1","5.7.0","5.6.2","5.6.1","5.6.0","5.5.4","5.5.3","5.5.2","5.5.1","5.5.0","5.4.1","5.4.0","5.3.17","5.3.16","5.3.15","5.3.14","5.3.13","5.3.12","5.3.11","5.3.10","5.3.9","5.3.8","5.3.7","5.3.6","5.3.5","5.3.4","5.3.3","5.3.2","5.3.1","5.3.0","5.2.4","5.2.3","5.2.2","5.2.1","5.2.0","5.1.4","5.1.3","5.1.2","5.1.1","5.1.0","5.0.3","5.0.2","5.0.1","5.0.0","4.5.5","4.5.4","4.5.3","4.5.2","4.5.1","4.5.0","4.4.1","4.4.0","4.3.5","4.3.4","4.3.3","4.3.2","4.3.1","4.3.0","4.2.4","4.2.3","4.2.2","4.2.1","4.2.0","4.1.2","4.1.1","4.1.0","4.0.7","4.0.6","4.0.5","4.0.4","4.0.3","4.0.2","4.0.1","4.0.0","3.3.2","3.3.1","3.3.0","3.2.2","3.2.0","3.0.3","3.0.2","3.0.1","3.0.0","2.1.4","2.1.3","2.1.2","2.1.1","2.1.0","2.0.2","2.0.1","1.1.2","1.1.0","1.0.2","1.0.1","1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45805.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}