cvedb.io
CVE-2022-30290
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-07-05T13:15:08.427 · Last modified 2026-06-17T04:43:25.477

Summary

In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse this vulnerability to arbitrarily change their registered e-mail address as well as their API key, even though neither change can legitimately be made through the interface.

Affected products

citeum — opencti

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.