Sensitive Information Exposure Vulnerability in Rapid7's InsightVM Login Page
CVE-2024-2745

3.3LOW

Key Information:

Vendor: Rapid7
Status: Insightvm
Vendor: CVE Published:; 2 April 2024

What is CVE-2024-2745?

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc. The vulnerability is remediated in version 6.6.244.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

InsightVM 0 < 6.6.244

References

https://docs.rapid7.com/release-notes/insightvm/20240327/

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2024

Credit

Sreenath Raghunath (Fireware LLC UAE, OMAN)

JSON

Rapid7