CVE-2024-11401 – Rapid7 Insight Platform Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2024-11401

11 Dec 2024 — Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024. • https://cwe.mitre.org/data/definitions/862.html • CWE-862: Missing Authorization •