Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0681

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.

Published

2023-03-20T20:15:52.470

Last Modified

2024-11-21T07:37:37.013

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-601
Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rapid7	insightvm	< 6.6.179	Yes

References

https://docs.rapid7.com/release-notes/nexpose/20230208/ Release Notes ([email protected])
https://docs.rapid7.com/release-notes/nexpose/20230208/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)