CVE-2024-8042

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

PT-2024-38768 · Rapid7 · Rapid7 Insight Platform

Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Platform versions between November 2019 and August 14, 2024 Description: The issue is related to missing authorization in the Rapid7 Insight Platform, allowing an attacker to intercept local requests and potentially add an empt...