CVE-2024-11401 – Rapid7 Insight Platform Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-11401
11 Dec 2024 — Rapid7 Insight Platform versions prior to November 13th 2024 suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API request (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024. • https://cwe.mitre.org/data/definitions/862.html • CWE-862: Missing Authorization •
CVE-2024-10526 – Rapid7 Velociraptor Local Privilege Escalation In Windows Velociraptor Service
https://notcve.org/view.php?id=CVE-2024-10526
07 Nov 2024 — Rapid7 Velociraptor MSI Installer versions below 0.73.3 suffer from a vulnerability whereby it creates the installation directory with WRITE_DACL permission to the BUILTIN\Users group. This allows local users who are not administrators to grant themselves the Full Control permission on Velociraptor's files. By modifying Velociraptor's files, local users can subvert the binary and cause the Velociraptor service to execute arbitrary code as the SYSTEM user, or to replace the Velociraptor binary completely. T... • https://docs.velociraptor.app/announcements/2024-cves • CWE-552: Files or Directories Accessible to External Parties • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2024-8042 – Rapid7 Insight Platform Unauthorized Empty Group Creation
https://notcve.org/view.php?id=CVE-2024-8042
09 Sep 2024 — Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024. • https://cwe.mitre.org/data/definitions/862.html • CWE-862: Missing Authorization •
CVE-2024-6504 – Rapid7 InsightVM Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2024-6504
18 Jul 2024 — Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe to the Console's port 443, causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protecte... • https://docs.rapid7.com/release-notes/insightvm/20240717 • CWE-693: Protection Mechanism Failure •
CVE-2024-3185 – Rapid7 Insight Agent Sensitive Key Exposed To Local Users
https://notcve.org/view.php?id=CVE-2024-3185
23 Apr 2024 — A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent. • https://docs.rapid7.com/insightidr/configure-the-insight-agent-to-send-logs • CWE-1284: Improper Validation of Specified Quantity in Input •
CVE-2024-0394 – Rapid7 Minerva Armor Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-0394
03 Apr 2024 — Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of OpenSSL's `OPENSSLDIR` parameter where it is set to a path accessible to low-privileged users. The vulnerability has been remediated and fixed in version 4.5.5. • https://www.rapid7.com/blog/post/2024/04/03/cve-2024-0394-rapid7-minerva-armor-privilege-escalation-fixed • CWE-862: Missing Authorization •
CVE-2024-2745 – Rapid7 InsightVM Sensitive Information Exposure via URL
https://notcve.org/view.php?id=CVE-2024-2745
02 Apr 2024 — Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc. The vulnerability is remediated in version 6.6.244. • https://docs.rapid7.com/release-notes/insightvm/20240327 • CWE-598: Use of GET Request Method With Sensitive Query Strings •
CVE-2023-5950 – Rapid7 Velociraptor Reflected XSS
https://notcve.org/view.php?id=CVE-2023-5950
06 Nov 2023 — Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). • https://github.com/Velocidex/velociraptor/releases/tag/v0.7.0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-2273 – Rapid7 Insight Agent Directory Traversal
https://notcve.org/view.php?id=CVE-2023-2273
26 Apr 2023 — Rapid7 Insight Agent token handler versions 3.2.6 and below suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safeguards that reject inputs that attempt to do path traversal. • https://docs.rapid7.com/release-notes/insightagent/20230425 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2023-2226 – Velociraptor crashes while parsing some malformed PE or OLE files.
https://notcve.org/view.php?id=CVE-2023-2226
21 Apr 2023 — Insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be p... • https://github.com/Velocidex/velociraptor • CWE-125: Out-of-bounds Read •