Privilege Escalation Vulnerability Affects Rapid7 Insight Platform
CVE-2024-11401

Currently unrated

Key Information:

Vendor: Rapid7
Status: Insight Platform
Vendor: CVE Published:; 11 December 2024

What is CVE-2024-11401?

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024.

Affected Version(s)

Insight Platform Before Novemeber 13th

References

https://cwe.mitre.org/data/definitions/862.html

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2024
Vulnerability Reserved
Nov 19, 2024

Credit

Harshil Soni (BitBreacher)