CVE-2024-2745

LOW

Rapid7 InsightVM <6.6.244 - Info Disclosure


Description

Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded. This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames, etc. The vulnerability is remediated in version 6.6.244.

Scores

CVSS v3 3.3
EPSS 0.0008
EPSS Percentile 23.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-598
Status published
Products (1)
rapid7/insightvm < 6.6.244
Published Apr 02, 2024
Tracked Since Feb 18, 2026