Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.

Published

2024-09-09T15:15:12.340

Last Modified

2024-09-17T17:25:02.330

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.4 (LOW)

Weaknesses

Type: Secondary
CWE-862
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rapid7	insight_platform	< 2024-08-14	Yes

References

https://cwe.mitre.org/data/definitions/862.html Not Applicable ([email protected])