CVE-2018-20226

An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
thehive-projectcortex
𝑥
< 2.1.3
𝑥
= Vulnerable software versions
References
https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md
https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a
https://github.com/TheHive-Project/Cortex/issues/158
https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md
https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a
https://github.com/TheHive-Project/Cortex/issues/158