Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-2745

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc. The vulnerability is remediated in version 6.6.244.

Published

2024-04-02T10:15:09.950

Last Modified

2025-02-25T18:36:41.020

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.3 (LOW)

Weaknesses

Type: Secondary
CWE-598
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rapid7	insightvm	< 6.6.244	Yes

References

https://docs.rapid7.com/release-notes/insightvm/20240327/ Release Notes ([email protected])
https://docs.rapid7.com/release-notes/insightvm/20240327/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)