2.4 CVE-2024-8042

 

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.
https://nvd.nist.gov/vuln/detail/CVE-2024-8042

Categories

CWE-862

References


 

CPE

cpe start end
Configuration 1
cpe:2.3:a:rapid7:insight_platform:*:*:*:*:*:*:*:* >= 2019-11-01 < 2024-08-14


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry