Vulnerabilities > Rapid7 > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-09 | CVE-2024-8042 | Missing Authorization vulnerability in Rapid7 Insight Platform Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. | 3.1 |
| 2022-01-21 | CVE-2021-4016 | Unspecified vulnerability in Rapid7 Insight Agent Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. | 3.3 |
| 2019-11-06 | CVE-2019-5642 | Incorrect Permission Assignment for Critical Resource vulnerability in Rapid7 Metasploit 4.15.0/4.15.1/4.16.0 Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. | 3.3 |
| 2017-06-15 | CVE-2017-5244 | Cross-Site Request Forgery (CSRF) vulnerability in Rapid7 Metasploit Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. | 3.5 |