Today > 8 Critical | 28 High | 31 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-11401

Dec. 11, 2024, 10:15 a.m.

Tags

CWE-862
cve@rapid7.com
2024-12-11
CVE-2024-11401

Product(s) Impacted

Rapid7 Insight Platform

  • before November 13th 2024

Description

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024.

Weaknesses

CWE-862
Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

CWE ID: 862

Date

Published: Dec. 11, 2024, 10:15 a.m.

Last Modified: Dec. 11, 2024, 10:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@rapid7.com

References

https://cwe.mitre.org/ cve@rapid7.com