CVE-2024-8042 Rapid7 Insight Platform Unauthorized Empty Group Creation

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect...

Rapid7 Insight Platform 安全漏洞

Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys, and settings from Rapid7 USA. A security vulnerability exists in Rapid7 Insight Platform that stems from the inclusion of an authorization missing issue that allows an attacker to intercept local requests to s...