CVE-2023-0681: Rapid7 Nexpose Uncontrolled URL Redirect
First published: Mon Mar 20 2023(Updated: )
Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 InsightVM | <6.6.179 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-0681?
CVE-2023-0681 is an open redirect vulnerability in Rapid7 InsightVM versions 6.6.178 and lower.
How does the open redirect vulnerability in Rapid7 InsightVM work?
The open redirect vulnerability in Rapid7 InsightVM allows an attacker to redirect users to a malicious site using the 'page' parameter of the 'data/console/redirect' component.
What is the severity of CVE-2023-0681?
CVE-2023-0681 has a severity of medium with a CVSS score of 6.1.
Which versions of Rapid7 InsightVM are affected by CVE-2023-0681?
Rapid7 InsightVM versions 6.6.178 and lower are affected by CVE-2023-0681.
How can I resolve the open redirect vulnerability in Rapid7 InsightVM?
To resolve the open redirect vulnerability, update Rapid7 InsightVM to version 6.6.179 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/rapid7
- canonical/rapid7 insightvm