Description
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024.
INFO
Published Date :
2024-12-11T09:46:29.398Z
Last Modified :
2024-12-11T15:08:28.354Z
Source :
rapid7
AFFECTED PRODUCTS
The following products are affected by CVE-2024-11401 vulnerability.
| Vendors | Products |
|---|---|
| Rapid7 |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11401.
| URL | Resource |
|---|---|
| https://cwe.mitre.org/data/definitions/862.html |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability