Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
References
Link | Resource |
---|---|
https://docs.rapid7.com/release-notes/insightvm/20220830/ | Vendor Advisory |
Configurations
History
23 Sep 2022, 15:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Rapid7
Rapid7 insightvm |
|
References | (CONFIRM) https://docs.rapid7.com/release-notes/insightvm/20220830/ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:* | |
CWE | CWE-613 |
21 Sep 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-21 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2019-5641
Mitre link : CVE-2019-5641
CVE.ORG link : CVE-2019-5641
JSON object : View
Products Affected
rapid7
- insightvm