CVE-2024-6504 – Rapid7 InsightVM Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2024-6504
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261. Las versiones de Rapid7 InsightVM Console inferiores a 6.6.260 sufren una falla en el mecanismo de protección mediante el cual un atacante con acceso de red a InsightVM Console puede provocar que se sobrecargue o falle al enviar repetidas solicitudes REST no válidas en un corto período de tiempo al puerto 443 de la consola, lo que provoca que la consola se bloquee. para ingresar a un bucle de registro de manejo de excepciones, agotando la CPU. No hay indicios de que un atacante pueda utilizar este método para escalar privilegios, adquirir acceso no autorizado a datos u obtener control de recursos protegidos. • https://docs.rapid7.com/release-notes/insightvm/20240717 • CWE-693: Protection Mechanism Failure •
CVE-2024-0394 – Rapid7 Minerva Armor Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-0394
Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL's`OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users. The vulnerability has been remediated and fixed in version 4.5.5. Las versiones de Rapid7 Minerva Armor inferiores a 4.5.5 sufren de una vulnerabilidad de escalada de privilegios mediante la cual un atacante autenticado puede elevar privilegios y ejecutar código arbitrario con privilegios de SYSTEM. La vulnerabilidad es causada por la implementación del producto del parámetro `OPENSSLDIR` de OpenSSL, donde se establece en una ruta accesible para usuarios con pocos privilegios. • https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed • CWE-862: Missing Authorization •
CVE-2024-2745 – Rapid7 InsightVM Sensitive Information Exposure via URL
https://notcve.org/view.php?id=CVE-2024-2745
Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc. The vulnerability is remediated in version 6.6.244. La página de inicio de sesión en modo de mantenimiento InsightVM de Rapid7 sufre una vulnerabilidad de exposición de información confidencial por la cual, la información confidencial queda expuesta a través de cadenas de consulta en la URL cuando se intenta iniciar sesión antes de que la página esté completamente cargada. Esta vulnerabilidad permite a los atacantes adquirir información confidencial como contraseñas, tokens de autenticación, nombres de usuario, etc. • https://docs.rapid7.com/release-notes/insightvm/20240327 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVE-2023-5950 – Rapid7 Velociraptor Reflected XSS
https://notcve.org/view.php?id=CVE-2023-5950
Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). Las versiones de Rapid7 Velociraptor anteriores a 0.7.0-4 sufren de una vulnerabilidad de cross site scripting. • https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-2273 – Rapid7 Insight Agent Directory Traversal
https://notcve.org/view.php?id=CVE-2023-2273
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal. • https://docs.rapid7.com/release-notes/insightagent/20230425 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •