2024-12-11 09:46:29
rapid7
PUBLISHED
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platforms User Interface). This vulnerability has been fixed as of November 13th 2024.