First published: Mon Sep 09 2024(Updated: )
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.
Credit: cve@rapid7.com
Affected Software | Affected Version | How to fix |
---|---|---|
Rapid7 Insight Platform | >=2019-11-01<2024-08-14 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.