Rapid7 Insight Platform versions prior to November 13th 2024 suffer from a privilege escalation vulnerability: due to a lack of authorization checks, an attacker with a standard user account can update the password policy in the platform settings by crafting an API request directly (the functionality was not exposed through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://cwe.mitre.org/data/definitions/862.html | |
History
Wed, 11 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Wed, 11 Dec 2024 10:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Rapid7 Insight Platform versions prior to November 13th 2024 suffer from a privilege escalation vulnerability: due to a lack of authorization checks, an attacker with a standard user account can update the password policy in the platform settings by crafting an API request directly (the functionality was not exposed through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024. | |
Title | Rapid7 Insight Platform Privilege Escalation Vulnerability | |
Weaknesses | CWE-862 | |
References | | |
Metrics | cvssV4_0 | |

Status: PUBLISHED
Assigner: rapid7
Published: 2024-12-11T09:46:29.398Z
Updated: 2024-12-11T15:08:28.354Z
Reserved: 2024-11-19T10:07:23.691Z
Link: CVE-2024-11401

Updated: 2024-12-11T15:08:23.979Z

Status : Received
Published: 2024-12-11T10:15:06.013
Modified: 2024-12-11T10:15:06.013
Link: CVE-2024-11401
