Vulnerabilities > Rapid7 > Metasploit > Low

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-5642 Incorrect Permission Assignment for Critical Resource vulnerability in Rapid7 Metasploit 4.15.0/4.15.1/4.16.0
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions.
local
low complexity
rapid7 CWE-732
3.3
2017-06-15 CVE-2017-5244 Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests.
network
low complexity
rapid7 CWE-352
3.5