{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2022-049.pdf"
    },
    "title": "TheHive Unauthentified API Endpoint Leaking Data",
    "serial_number": "2022-049",
    "publish_date": "05-07-2022 11:35:00",
    "description": "On the 4th of July 2022, StrangeBee published an advisory about a critical vulnerability that, if exploited, could leak sensitive information about current activities in TheHive (creation, modification, deletion of any object). It is strongly recommended to update to the latest versions available.",
    "url_title": "2022-049",
    "content_markdown": "---\ntitle: 'TheHive Unauthentified API Endpoint Leaking Data'\nversion: '1.0'\nnumber: '2022-049'\noriginal_date: 'July 4, 2022'\ndate: 'July 5, 2022'\n---\n\n_History:_\n\n* _05/07/2022 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn the 4th of July 2022, StrangeBee published an advisory about a critical vulnerability that, if exploited, could leak sensitive information about current activities in TheHive (creation, modification, deletion of any object) [1].\n\nIt is strongly recommended to update to the latest versions available.\n\n# Technical Details\n\nThe vulnerability exists in an API endpoint which is accessible without authentication, and that can be exploited to listen to current events. The events can be of any nature (creation, modification, deletion) and concern every entity (Cases, Alerts, Observables, Tasks, Jobs, etc.) [1].\n\n# Affected Products\n\nThe following product versions are affected by the vulnerability:\n\n- TheHive 5 before 5.0.9\n- TheHive 4 before 4.1.22\n\n# Recommendations\n\nCERT-EU strongly recommends updating to the latest version available as soon as possible.\n\n# References\n\n[1] <https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-002.md>",
    "content_html": "<p><em>History:</em></p><ul><li><em>05/07/2022 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 4th of July 2022, StrangeBee published an advisory about a critical vulnerability that, if exploited, could leak sensitive information about current activities in TheHive (creation, modification, deletion of any object) [1].</p><p>It is strongly recommended to update to the latest versions available.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability exists in an API endpoint which is accessible without authentication, and that can be exploited to listen to current events. The events can be of any nature (creation, modification, deletion) and concern every entity (Cases, Alerts, Observables, Tasks, Jobs, etc.) [1].</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected by the vulnerability:</p><ul><li>TheHive 5 before 5.0.9</li><li>TheHive 4 before 4.1.22</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU strongly recommends updating to the latest version available as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-002.md\">https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2022-002.md</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}