Missing Authorization Vulnerability Affects Rapid7 Insight Platform
CVE-2024-8042

3.1 LOW

Key Information:

Vendor: Rapid7

CVE Published: 9 September 2024

What is CVE-2024-8042?

The Rapid7 Insight Platform is affected by a missing authorization flaw that enables an attacker to intercept local requests. The issue allows unauthorized users to alter the name and description of user groups, which could result in empty or improperly configured user groups being associated with incorrect customer accounts. The vulnerability was addressed in the update released on August 14, 2024.

Affected Version(s)

Insight Platform 11/2019 < 08/14/2024

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abhik Makwana (mAd13)