
CVE-2024-2745

Published: Apr 2, 2024
Modified: Feb 25, 2025

Base score: 3.3
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 1.8 / Impact: 1.4
Source: NVD

Description

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby sensitive information is exposed through query strings in the URL when a login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames, etc. The vulnerability is remediated in version 6.6.244.

Affected (1)

Products: Rapid7: Insightvm
1 product
Insightvm
Configuration A
1 vulnerable
Vulnerable Software: Insightvm
Affected Versions: Before 6.6.244

References (2)

Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes

Timeline

No history available yet.