Cross-Site Request Forgery Vulnerability in Rapid7 Metasploit
CVE-2017-15084

6.5 MEDIUM

Key Information:

Vendor: Rapid7
CVE Published: 6 October 2017

What is CVE-2017-15084?

The web user interface in Rapid7 Metasploit prior to version 4.14.1-20170828 contains a Cross-Site Request Forgery (CSRF) vulnerability that can allow unauthorized logouts of users. This security flaw can potentially permit an attacker to exploit the session of authenticated users, leading to unintended actions being taken on their behalf. It is essential for users of affected versions to apply the appropriate updates to mitigate this risk.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published
