Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc.
The vulnerability is remediated in version 6.6.244.
References
Configurations
No configuration.
History
21 Nov 2024, 09:10
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://docs.rapid7.com/release-notes/insightvm/20240327/ - |
02 Apr 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-02 10:15
Updated : 2024-11-21 09:10
NVD link : CVE-2024-2745
Mitre link : CVE-2024-2745
CVE.ORG link : CVE-2024-2745
JSON object : View
Products Affected
No product.
CWE
CWE-598
Use of GET Request Method With Sensitive Query Strings