Impact
The vulnerability in Mythic allows authenticated users holding only the spectator role to bypass the intended authorization check when calling the eventing_import_automatic_webhook endpoint. Because that endpoint is reachable through spectator-permitted middleware, a spectator can create or delete automation workflows, altering operation automation and EventGroups without the vetting that higher-privileged roles would normally provide. The flaw is an authorization bypass (CWE-863) and yields a moderate-impact compromise of the platform's operation configuration.
Affected Systems
Mythic, maintained by its-a-feature, is affected in every version prior to 3.4.0.60. The affected component is the eventing_import_automatic_webhook endpoint, which is exposed under spectator-permitted middleware; any deployment older than the 3.4.0.60 release is therefore vulnerable.
Risk and Exploitability
The CVSS base score of 5.3 indicates medium severity; no EPSS score is reported, and the vulnerability is not listed in CISA KEV. An attacker must first authenticate to Mythic with a spectator role, whether with valid credentials or by exploiting a separate authentication weakness. Once authenticated, the attacker can call the endpoint to create or delete automation workflows, changing the platform's behavior and potentially disrupting operations. Although the attack requires authentication, the misconfigured permission makes these destructive actions trivial for any spectator to exercise.
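The flaw described above is a route wired behind the wrong middleware. The following Go example, added here and not taken from Mythic's code base, models that wiring with net/http: a route table lists each endpoint with the minimum role its middleware enforces, the weak table places the import endpoint at spectator level, the fixed table moves it to operator level, and auditRoutes is the pre-release check that flags any state-changing route a spectator could reach. The role names come from the advisory; the role ranking, the X-Role header and the handler body are assumptions made so the example runs offline.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Role ranking for this example. The names come from the advisory; the
// ordering is an assumption and not Mythic's actual role model.
var roleRank = map[string]int{"spectator": 1, "operator": 2, "admin": 3}

// route describes one endpoint: whether it changes server state and the
// minimum role its middleware should enforce.
type route struct {
	path    string
	mutates bool
	minRole string
}

// weakRoutes reproduces the shape of the flaw: a state-changing endpoint
// wired behind the spectator-permitted middleware.
var weakRoutes = []route{
	{"/eventing_import_automatic_webhook", true, "spectator"},
}

// fixedRoutes is the same table with the endpoint moved to operator level.
var fixedRoutes = []route{
	{"/eventing_import_automatic_webhook", true, "operator"},
}

// requireRole only lets callers whose role is at least minRole through.
// The role is read from a header here purely so the example runs offline;
// a real server takes it from a verified session, never from the client.
func requireRole(minRole string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		have, known := roleRank[r.Header.Get("X-Role")]
		if !known || have < roleRank[minRole] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// importWebhook stands in for the real handler and only acknowledges the call.
var importWebhook = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "workflow imported")
})

// buildRouter wires each route behind the middleware its table entry names.
func buildRouter(routes []route) http.Handler {
	mux := http.NewServeMux()
	for _, rt := range routes {
		mux.Handle(rt.path, requireRole(rt.minRole, importWebhook))
	}
	return mux
}

// statusFor sends one request as the given role and returns the HTTP status.
func statusFor(routes []route, role string) int {
	req := httptest.NewRequest(http.MethodPost, "/eventing_import_automatic_webhook", nil)
	req.Header.Set("X-Role", role)
	rec := httptest.NewRecorder()
	buildRouter(routes).ServeHTTP(rec, req)
	return rec.Code
}

// auditRoutes is the configuration check a reviewer would run before a
// release: every mutating route must require more than the spectator role.
func auditRoutes(routes []route) []string {
	var findings []string
	for _, rt := range routes {
		if rt.mutates && roleRank[rt.minRole] <= roleRank["spectator"] {
			findings = append(findings, rt.path)
		}
	}
	return findings
}

func main() {
	fmt.Println("weak  spectator ->", statusFor(weakRoutes, "spectator"), "audit:", auditRoutes(weakRoutes))
	fmt.Println("fixed spectator ->", statusFor(fixedRoutes, "spectator"), "audit:", auditRoutes(fixedRoutes))
	fmt.Println("fixed operator  ->", statusFor(fixedRoutes, "operator"))
}
```

With the weak table the spectator request returns 200 and the audit reports the endpoint; with the fixed table the spectator gets 403 while an operator still succeeds, and the audit is clean. Keeping the mutates flag next to the role requirement in one table is what makes the check mechanical: the wiring mistake becomes a failing test rather than something a reviewer has to notice by reading middleware chains.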
OpenCVE Enrichment