Latest Rapid7 Vulnerabilities

Rapid7 Velociraptor Reflected XSS
Rapid7 Velociraptor<0.6.9-1
Rapid7 Velociraptor=0.7.0
Rapid7 Velociraptor=0.7.0-rc1
Rapid7 Velociraptor=0.7.0-3
Rapid7 Insight Agent token handler versions 3.2.6 and below suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is u...
Rapid7 Insight Agent<3.3.0
Insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files.  For...
Rapid7 Velociraptor<0.6.8
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages....
Rapid7 Nexpose<6.6.187
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an...
Rapid7 InsightVM<6.5.50
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Ma...
Rapid7 InsightAppSec<23.2.1
Rapid7 Insightcloudsec<2023.02.01
An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue wa...
Rapid7 InsightAppSec<23.2.1
Rapid7 Insightcloudsec<2023.02.01
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed a...
Rapid7 InsightAppSec<23.2.1
Rapid7 Insightcloudsec<2023.02.01
Rapid7 InsightVM versions 6.6.178 and lower suffer from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ pa...
Rapid7 InsightVM<6.6.179
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authentic...
Rapid7 Metasploit<=4.21.2
Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged positi...
Rapid7 Nexpose>=6.6.82<6.6.178
Rapid7 Velociraptor did not properly sanitize the client ID parameter to the CreateCollection API, allowing a directory traversal in where the collection task could be written. It was possible to prov...
Rapid7 Velociraptor<0.6.7-5
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virt...
Rapid7 InsightVM>=2017-04-05<=2017-05-03
Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the...
Rapid7 InsightVM<6.6.172
Rapid7 Nexpose<6.6.172
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login pa...
Rapid7 InsightVM<=6.6.160
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. Thi...
Rapid7 Velociraptor<0.6.5-2
Apple macOS
Linux Linux kernel
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor...
Rapid7 Velociraptor<0.6.5-2
The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-sit...
Rapid7 Velociraptor<0.6.5-2
Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to...
Rapid7 Velociraptor<0.6.5-2
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe c...
Rapid7 Insight Agent<=3.1.2.38
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticat...
Rapid7 Nexpose<=6.6.93
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker ...
Rapid7 Nexpose<6.6.130
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read and copy any of...
Rapid7 Insight Agent<3.1.3
Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, th...
Rapid7 Insight Agent>=3.0.1<3.1.2.35
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature...
Rapid7 Nexpose<6.6.114
Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executab...
Rapid7 Velociraptor<0.6.0
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination...
Rapid7 Nexpose<6.6.81
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance o...
Rapid7 Metasploit<4.19.0
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Rapid7 Metasploit<4.19.0
A SQL Injection issue in Rapid7 Nexpose versions prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been abl...
Rapid7 Nexpose<6.6.49
In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This wou...
Rapid7 Appspider<7.2.126
Rapid7 Nexpose installer versions prior to 6.6.40 contain an Unquoted Search Path which may allow an attacker on the local machine to insert an arbitrary file into the executable path. This issue affe...
Rapid7 Nexpose<6.6.40
In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This w...
Rapid7 Nexpose<6.6.40
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can eith...
Rapid7 Metasploit<=5.0.27
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitr...
Rapid7 Metasploit>=4.12.40<6.0.3
The Metasploit Framework module "post/osx/gather/enum_osx" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to ...
Rapid7 Metasploit>=4.11.7<6.0.3
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an ...
Rapid7 Metasploit<4.17.1
Rapid7 Metasploit=4.17.1
Rapid7 Metasploit=4.17.1-20170221
Rapid7 Metasploit=4.17.1-20170323
Rapid7 Metasploit=4.17.1-20170405
Rapid7 Metasploit=4.17.1-20170419
and 70 more
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store a...
Rapid7 Metasploit<4.17.1
Rapid7 Metasploit=4.17.1
Rapid7 Metasploit=4.17.1-20170221
Rapid7 Metasploit=4.17.1-20170323
Rapid7 Metasploit=4.17.1-20170405
Rapid7 Metasploit=4.17.1-20170419
and 70 more
Rapid7 Metasploit<5.0.85
Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access.
Rapid7 Nexpose<5.5.4
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacki...
Rapid7 Appspider<=3.8.213
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's pa...
Rapid7 Nexpose<=6.5.50
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system (who must already be authenticated to...
Rapid7 InsightAppSec<=2019.06.24
Rapid7 Insight Agent, version 2.6.3 and prior, suffers from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent 2.6.3 and prior starts, the Python int...
Rapid7 Insight Agent<=2.6.3
A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on A...
Rapid7 Nexpose>=6.5.0<=6.5.68
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this...
Rapid7 Metasploit<=4.14.0
Users with Site-level permissions can access files containing the username-encrypted passwords of Security Console Global Administrators and clear-text passwords for restoring backups, as well as the ...
Rapid7 InsightVM>=6.5.11<=6.5.49
In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring se...
Rapid7 Komand<=0.41.0
