13 matches found
EUVD-2024-48899
Malicious code in bioql PyPI...
EUVD-2024-34105
Malicious code in bioql PyPI...
CVE-2024-8042
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...
CVE-2024-11401
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...
CVE-2024-11401
Rapid7 Insight Platform shows a privilege escalation vulnerability in versions prior to 2024-11-13, where a standard user can update the password policy via the platform API due to missing authorization checks (not possible through the UI). The issue is documented as fixed as of 2024-11-13. Appli...
CVE-2024-11401 Rapid7 Insight Platform Privilege Escalation Vulnerability
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...
CVE-2024-11401 Rapid7 Insight Platform Privilege Escalation Vulnerability
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...
Rapid7 Insight Platform 安全漏洞
Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys and settings from Rapid7 USA. Rapid7 Insight Platform has a security vulnerability that stems from a lack of authorization checks. An attacker can exploit the vulnerability to elevate privileges...
CVE-2024-8042
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...
CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...
CVE-2024-8042
CVE-2024-8042 affects Rapid7 Insight Platform versions from November 2019 through August 14, 2024, due to missing authorization that enables an attacker to intercept local requests to set the name and description of a new user group. This could lead to an empty user group being created for the in...
PT-2024-38768 · Rapid7 · Rapid7 Insight Platform
Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Platform versions between November 2019 and August 14, 2024 Description: The issue is related to missing authorization in the Rapid7 Insight Platform, allowing an attacker to intercept local requests and potentially add an empt...
Rapid7 Insight Platform 安全漏洞
Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys, and settings from Rapid7 USA. A security vulnerability exists in Rapid7 Insight Platform that stems from the inclusion of an authorization missing issue that allows an attacker to intercept local requests to s...