Description
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
References
https://docs.rapid7.com/release-notes/insightvm/20220830/
Vendor Advisory
https://docs.rapid7.com/release-notes/insightvm/20220830/
Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 · Low
Information
Source identifier
Vulnerability status
Modified
Published
2022-09-21T13:15:10.243Z
3 years agoLast modified
2024-11-21T03:45:17.407Z
1 year ago