StrangeBee TheHive Email Flooding Vulnerability

Vulnerability

A vulnerability allowing email flooding has been identified in StrangeBee TheHive versions 5.2.0 prior to 5.2.16, 5.3.0 prior to 5.3.11, 5.4.0 prior to 5.4.10, and 5.5.0 prior to 5.5.1. This vulnerability allows unauthenticated remote attackers to abuse the password reset feature without restrictions. The consequences of this vulnerability include exhausting the mailbox storage of targeted users, damaging the reputation of the SMTP server which could lead to blacklisting, and overloading the outbound mail queue of the SMTP server.
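The version ranges above can be checked against a deployment inventory. This is an added example, not code from StrangeBee or from this advisory: the hostnames and sample inventory are constructed, and treating a packaging suffix such as "-1" as irrelevant to the comparison is an assumption.

```python
import re

# (first affected, first fixed) per release branch, taken from the advisory text.
AFFECTED_RANGES = [
    ((5, 2, 0), (5, 2, 16)),
    ((5, 3, 0), (5, 3, 11)),
    ((5, 4, 0), (5, 4, 10)),
    ((5, 5, 0), (5, 5, 1)),
]

# Accepts "5.2.15", "v5.2.15" and "5.2.15-1"; the suffix is ignored (assumption).
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?\s*$")


def parse_version(text):
    """Turn a version string into a (major, minor, patch) tuple of ints."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return "affected"
        if version[:2] == first_affected[:2] and version >= first_fixed:
            return "fixed"
    # Branch not named in the advisory: its status is unknown, not "safe".
    return "not-listed"


def triage_inventory(inventory):
    """Map host -> status, keeping unparseable entries visible for follow-up."""
    results = {}
    for host, version_text in inventory.items():
        try:
            results[host] = triage(version_text)
        except ValueError:
            results[host] = "unparseable"
    return results


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {"hive-prod": "5.4.9-1", "hive-dr": "5.5.1",
                    "hive-lab": "v5.3.10", "hive-old": "5.1.4"}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "not-listed" result means the advisory text does not cover that branch, so it needs a separate check rather than being treated as unaffected.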

Impact

Exploitation of this vulnerability can cause mailbox storage exhaustion for targeted users, damage the reputation of the SMTP server potentially leading to blacklisting, and overload the SMTP server's outbound mail queue.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 0.6
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.