3.3

CVE-2024-2745

EPSS 0.08%
Veröffentlicht 02.04.2024 10:15:09
Zuletzt bearbeitet 25.02.2025 18:36:41
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded.  This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc.  
 
The vulnerability is remediated in version 6.6.244.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rapid7 ≫ Insightvm Version < 6.6.244

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.24

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cve@rapid7.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-598 Use of GET Request Method With Sensitive Query Strings

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.

https://docs.rapid7.com/release-notes/insightvm/20240327/

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-2745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-2745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-2745

EUVD