CVE-2018-20226

EUVD-2018-12793
An organization administrator can add a super administrator in THEHIVE PROJECT Cortex before 2.1.3 due to the lack of overriding the Role.toString method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
thehive-projectcortex
𝑥
< 2.1.3
𝑥
= Vulnerable software versions
References
https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md
https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a
https://github.com/TheHive-Project/Cortex/issues/158
https://github.com/TheHive-Project/Cortex/blob/2.1.3/CHANGELOG.md
https://github.com/TheHive-Project/Cortex/commit/1aaf2182a6b722ad539e2717bc11967d1bde723a
https://github.com/TheHive-Project/Cortex/issues/158