Security Advisory

CVE-2019-5642

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-11-06 18:30:42

Last updated 2024-09-17 04:24:03

Assigner rapid7

State PUBLISHED

Description

Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.

← Browse all CVEs View on cve.org ↗