Vulnerabilities > Rapid7 > Metasploit > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-06 | CVE-2019-5642 | Incorrect Permission Assignment for Critical Resource vulnerability in Rapid7 Metasploit 4.15.0/4.15.1/4.16.0 Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. | 2.1 |
| 2017-06-15 | CVE-2017-5244 | Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit 4.13.0/4.13.1/4.13.19 Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. | 3.5 |