Sensitive Information Exposure Vulnerability in Rapid7's InsightVM Login Page
CVE-2024-2745

3.3LOW

Key Information:

Vendor: Rapid7
Status: Insightvm
Vendor: CVE Published:; 2 April 2024

What is CVE-2024-2745?

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc. The vulnerability is remediated in version 6.6.244.

Affected Version(s)

InsightVM 0 < 6.6.244

References

https://docs.rapid7.com/release-notes/insightvm/20240327/

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2024

Credit

Sreenath Raghunath (Fireware LLC UAE, OMAN)

JSON