← Back

CVE-2024-8042

nvd nist
Published: Sep 9, 2024Modified: Sep 17, 2024

JSON object

Loading...
3.1
Vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 1.6 / Impact: 1.4
Source: NVD

Description

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.

Affected (1)

Rapid7
1 product
Insight Platform
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Insight Platform
From 2019-11-01 to 2024-08-14

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

Source: cve@rapid7.com
Not Applicable

Timeline

No history available yet.