Cortex 2.1.3: Security and Beyond

TheHive Project’s code Chefs are happy to announce the immediate availability of Cortex 2.1.3, a hotfix for your favorite observable and response engine, fresh out of the oven!

We highly recommend that you upgrade your existing installation to this new version as soon as feasible as it plugs a significant security vulnerability, kindly reported by Po-Hsing Wu. The vulnerability is a privilege escalation one which allows an orgadmin to create a superadmin user. The culprit has been punished by having to chant Perl mantras while doing a handstand on burning coals.

security_holes
Source : XKCD

Additionally, Cortex 2.1.3 fixes the following bugs:

  • #157: list and disable invalid responders
  • #152: enforce PAP when launching an analyzer from the Cortex Web UI
  • #147: add dig to the Cortex docker image as the SinkDB analyzer needs it
  • #146: the Cortex job list must display the PAP value
  • #145: fix the broken Web UI’s search function for job history

Pardon my French but do you speak English?

Something does not work as expected? You have troubles installing or upgrading? Spotted new bugs? No worries, please open issues on GitHub or comment on existing ones, join our user forum, contact us on Gitter, or send us an email at support@thehive-project.org. We are here to help.