CVE-2019-5641: Rapid7 InsightVM Information Disclosure after Logout
First published: Tue Aug 30 2022(Updated: )
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 InsightVM | <=6.6.160 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this information exposure issue in Rapid7 InsightVM?
The vulnerability ID for this information exposure issue in Rapid7 InsightVM is CVE-2019-5641.
What is the severity rating of CVE-2019-5641?
CVE-2019-5641 has a severity rating of 5.3 (medium).
What is the affected software for CVE-2019-5641?
The affected software for CVE-2019-5641 is Rapid7 InsightVM version up to 6.6.160.
How can an attacker exploit CVE-2019-5641?
An attacker can exploit CVE-2019-5641 by using the Inspect Element browser feature to remove the login panel and view details in the last webpage visited by the previous user.
Is there a fix or patch available for CVE-2019-5641?
To mitigate CVE-2019-5641, update Rapid7 InsightVM to a version higher than 6.6.160 as listed in the release notes.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/title
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/rapid7
- canonical/rapid7 insightvm
- version/rapid7 insightvm/6.6.160