Vulnerabilities > Rapid7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-06 | CVE-2023-5950 | Cross-site Scripting vulnerability in Rapid7 Velociraptor Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. | 6.1 |
| 2023-04-26 | CVE-2023-2273 | Path Traversal vulnerability in Rapid7 Insight Agent Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. | 7.5 |
| 2023-04-21 | CVE-2023-2226 | Out-of-bounds Read vulnerability in Rapid7 Velociraptor Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. | 5.3 |
| 2023-03-30 | CVE-2023-1699 | Forced Browsing vulnerability in Rapid7 Nexpose Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. | 9.8 |
| 2023-03-24 | CVE-2021-3844 | Insufficient Session Expiration vulnerability in Rapid7 Insightvm Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. | 5.4 |
| 2023-03-21 | CVE-2023-1304 | Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. | 8.8 |
| 2023-03-21 | CVE-2023-1305 | Unspecified vulnerability in Rapid7 Insightappsec and Insightcloudsec An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. | 8.1 |
| 2023-03-21 | CVE-2023-1306 | Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. | 8.8 |
| 2023-03-20 | CVE-2023-0681 | Open Redirect vulnerability in Rapid7 Insightvm Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. | 6.1 |
| 2023-02-01 | CVE-2023-0599 | Cross-site Scripting vulnerability in Rapid7 Metasploit Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. | 4.8 |