VYPR
Unrated severityNVD Advisory· Published Apr 2, 2024· Updated Aug 1, 2024

Rapid7 InsightVM Sensitive Information Exposure via URL

CVE-2024-2745

Description

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded.  This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc.

The vulnerability is remediated in version 6.6.244.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Rapid7/InsightVMllm-fuzzy2 versions
    <6.6.244+ 1 more
    • (no CPE)range: <6.6.244
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.