Rapid7 Insight Platform up to 20240813 name/description authorization
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 2.5 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Rapid7 Insight Platform up to 20240813. This affects an unknown function. The manipulation of the argument name/description leads to authorization. This vulnerability is referenced as CVE-2024-8042. The attack needs to be initiated within the local network. No exploit is available. You should upgrade the affected component.
Details
A vulnerability was found in Rapid7 Insight Platform up to 20240813 and classified as problematic. This issue affects some unknown functionality. The manipulation of the argument name/description with an unknown input leads to a authorization vulnerability. Using CWE to declare the problem leads to CWE-862. The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Impacted is integrity. The summary by CVE is:
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.
The identification of this vulnerability is CVE-2024-8042 since 08/21/2024. The exploitation is known to be difficult. The attack can only be initiated within the local network. The exploitation requires an enhanced level of successful authentication. Technical details are known, but no exploit is available.
Upgrading to version 2024-08-14 eliminates this vulnerability.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 2.5VulDB Meta Temp Score: 2.5
VulDB Base Score: 2.0
VulDB Temp Score: 1.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 3.1
NVD Vector: 🔍
CNA Base Score: 2.4
CNA Vector (rapid7): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: AuthorizationCWE: CWE-862 / CWE-863 / CWE-285
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Partially
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Insight Platform 2024-08-14
Timeline
08/14/2024 🔍08/21/2024 🔍
09/09/2024 🔍
09/09/2024 🔍
09/18/2024 🔍
Sources
Status: ConfirmedCVE: CVE-2024-8042 (🔍)
GCVE (CVE): GCVE-0-2024-8042
GCVE (VulDB): GCVE-100-276845
Entry
Created: 09/09/2024 17:33Updated: 09/18/2024 00:02
Changes: 09/09/2024 17:33 (63), 09/10/2024 12:37 (1), 09/18/2024 00:02 (11)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.