[Bug] Cases owned by non-linked organisations visible to all organisations, potential data leakage #1427

Closed
@shortstack

Description

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu 16 |
| OS version (client) | Any |
| TheHive version / git hash | 4.0.0-RC2-1 |
| Package Type | deb |
| Browser type & version | Chrome/FF |

Problem Description

When merging alerts into a case, all similar cases for all organisations are displayed, despite the fact that those cases have not been shared with the organisation and the organisations aren't even linked. This raises an issue with multi-tenancy and creates room for data leakage. Case titles could contain information that should not be shared between tenants.

Steps to Reproduce

  1. Create alert
  2. Click "Merge into Case"
  3. The "Similar cases" list displays all similar cases from all organisations

Possible Solutions

The list of similar cases that gets populated when merging an alert or case should only display alerts and cases owned by that organisation or by linked organisations, not all of them.
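The scoping rule proposed above, as an added illustration that is not code from this issue or from TheHive: constructed tenants, organisation links and cases, the unscoped similar-case lookup the issue describes, and the same lookup restricted to cases the requesting organisation owns, is linked to, or has been given access to. The `Case` shape, the link table and the keyword-based similarity are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Case:
    id: str
    org: str                               # owning organisation
    title: str
    shared_with: frozenset = frozenset()   # organisations the case was explicitly shared with


# Constructed sample data (not TheHive's): three tenants, orgA and orgB are linked, orgC is not.
ORG_LINKS = {"orgA": {"orgB"}, "orgB": {"orgA"}, "orgC": set()}
CASES = [
    Case("c1", "orgA", "Phishing campaign against payroll"),
    Case("c2", "orgB", "Phishing campaign against finance team"),
    Case("c3", "orgC", "Phishing of CEO at client X"),   # must never be visible to orgA or orgB
    Case("c4", "orgC", "Phishing kit hosted on orgC infra", frozenset({"orgA"})),
]


def _keywords(text):
    # Crude title similarity for the example: two titles are similar if they share a 4+ letter word.
    return {w for w in re.findall(r"[a-z]+", text.lower()) if len(w) >= 4}


def similar_cases_unscoped(alert_title, cases):
    """Behaviour the issue reports: similarity is evaluated over every tenant's cases."""
    kw = _keywords(alert_title)
    return [c.id for c in cases if kw & _keywords(c.title)]


def visible_to(org, case, links):
    """Tenant scope: own cases, cases of linked organisations, or cases shared with this org."""
    return case.org == org or case.org in links.get(org, set()) or org in case.shared_with


def similar_cases_scoped(org, alert_title, cases, links):
    """Proposed fix: apply the tenant filter in the query itself, so unscoped titles never reach the client."""
    kw = _keywords(alert_title)
    return [c.id for c in cases if visible_to(org, c, links) and kw & _keywords(c.title)]
```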

Labels

TheHive4, TheHive4 related issues, bug