3.1

CVE-2024-8042

EPSS 0.18%
Veröffentlicht 09.09.2024 15:15:12
Zuletzt bearbeitet 17.09.2024 17:25:02
Quelle cve@rapid7.com
CVE-Watchlists
Login
Unerledigt
Login

Rapid7 Insight Platform Unauthorized Empty Group Creation

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rapid7 ≫ Insight Platform Version >= 2019-11-01 < 2024-08-14

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.073

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.1	1.6	1.4	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
cve@rapid7.com	2.4	0.7	1.4	CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://cwe.mitre.org/data/definitions/862.html

Not Applicable

https://nvd.nist.gov/vuln/detail/CVE-2024-8042

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8042

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8042

EUVD