Security Upgrade: Release of TheHive Versions 5.2.9 and 5.1.10

Three weeks ago, we released TheHive versions 5.2.9 and 5.1.10. These updates include security enhancements, addressing vulnerabilities identified through our recent comprehensive penetration testing.


KEY FINDINGS FROM THE PENETRATION TEST

Our in-depth security assessment revealed five vulnerabilities: three of medium severity and two of low severity.

Medium Severity Vulnerabilities

  1. SB-SEC-ADV-2023-001 (Reporting – Stored Cross-Site Scripting): This vulnerability can lead to account impersonation, including impersonation of accounts with administrator privileges.
  2. SB-SEC-ADV-2023-002 (Attachment – Stored Cross-Site Scripting): Exploitation of this flaw can trick a victim's account into unintentionally elevating another user's privileges.
  3. SB-SEC-ADV-2023-003 (Branding Logo – Reflected Cross-Site Scripting): Similar to SB-SEC-ADV-2023-001, this vulnerability can also result in account impersonation.

Note: Exploitation of these vulnerabilities requires specific conditions, such as dual-role (Analyst and Administrator) accounts, which limits the potential for widespread misuse.

Low Severity Vulnerabilities

  1. SB-SEC-ADV-2023-004 (MFA – Lack of Lockout Policy): Absence of account lockout in response to repeated incorrect multi-factor authentication attempts.
  2. SB-SEC-ADV-2023-005 (Username Enumeration): Potential for attackers to determine whether a given account is registered on the platform.

For detailed insights, please refer to the individual advisories on our security repository.

REQUIRED UPDATES

To address these vulnerabilities, we have implemented patches in TheHive versions 5.2.9 and 5.1.10. We strongly urge all users to upgrade to version 5.2.9, or at least to version 5.1.10 for those still using TheHive 5.1.

REPORTING SECURITY ISSUES

We encourage responsible collaboration in identifying and reporting potential security issues. Please visit our Responsible Vulnerability Disclosure Policy page for guidelines on secure reporting.

CREDITS

We are thankful to RandoriSec for its exemplary penetration testing services. RandoriSec is an offensive security company with a team of experienced consultants who help their clients contain technology-related risks. Their expertise has been instrumental in enhancing the security and reliability of TheHive.