OpenCTI GraphQL IDOR Vulnerability in Notification Management Mutations

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in OpenCTI versions prior to 6.6.6. It exists within the GraphQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations, which resolve the target notification by its UUID without checking that it belongs to the calling user. An authenticated user who knows the UUID of another user's notification can therefore change its read status or delete it. Notably, the mark-read mutation also returns the notification, so changing the read status of another user's notification discloses its content as well.

Impact

Exploitation of this vulnerability enables authenticated users to read, modify, and delete notifications of other users, given knowledge of the notification's UUID.
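As an added illustration of the flaw described above (not OpenCTI's own code), the following shows a mark-read and a delete mutation handler written first with an id-only lookup and then scoped to the calling user. The in-memory store, the resolver context shape and the handler names are assumptions made for the example.

```javascript
// Added illustration of the IDOR pattern in the advisory (not OpenCTI's code):
// two mutation handlers, first with an id-only lookup, then scoped to the caller.

// Constructed sample data: one notification per user, keyed by UUID.
const ALICE_ID = "11111111-1111-4111-8111-111111111111";
const BOB_ID = "22222222-2222-4222-8222-222222222222";
const notifications = new Map([
  [ALICE_ID, { id: ALICE_ID, userId: "alice", content: "Report X shared with you", isRead: false }],
  [BOB_ID, { id: BOB_ID, userId: "bob", content: "Case Y assigned to you", isRead: false }],
]);

// Hypothetical resolver context: the authenticated caller's identity.
const ctxAlice = { user: { id: "alice" } };
const ctxBob = { user: { id: "bob" } };

// VULNERABLE: the handler trusts the id argument alone and never consults ctx.
// Any authenticated user who knows the UUID can flip the flag and receives
// the notification content in the response.
function markReadUnsafe(ctx, { id, read }) {
  const n = notifications.get(id);
  if (!n) throw new Error("Notification not found");
  n.isRead = read;
  return { ...n }; // returns another user's content when ctx is not the owner
}

function deleteUnsafe(ctx, { id }) {
  if (!notifications.has(id)) throw new Error("Notification not found");
  notifications.delete(id);
  return id;
}

// HARDENED: resolve the object within the caller's own scope. A notification
// owned by someone else is reported exactly like a missing one, so the reply
// does not confirm that the UUID exists.
function loadOwned(ctx, id) {
  const n = notifications.get(id);
  if (!n || n.userId !== ctx.user.id) throw new Error("Notification not found");
  return n;
}

function markReadSafe(ctx, { id, read }) {
  const n = loadOwned(ctx, id);
  n.isRead = read;
  return { ...n };
}

function deleteSafe(ctx, { id }) {
  loadOwned(ctx, id);
  notifications.delete(id);
  return id;
}
```

The ownership check belongs in the data-access layer (here `loadOwned`) rather than in each resolver, so that every mutation and query over the same object type inherits it.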

Remediation

Users can upgrade to OpenCTI version 6.6.6 or later to address this vulnerability.

Added: Jul 18, 2025, 3:24 PM
Updated: Jul 18, 2025, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.8
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.