Security Advisory

CVE-2024-2745

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-02 09:51:52

Last updated 2024-08-01 19:25:41

Assigner rapid7

State PUBLISHED

Description

Rapid7s InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc. The vulnerability is remediated in version 6.6.244.

← Browse all CVEs View on cve.org ↗