漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Rapid7 Insight Platform Unauthorized Empty Group Creation
Vulnerability Description
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
Rapid7 Insight Platform 安全漏洞
Vulnerability Description
Rapid7 Insight Platform是美国Rapid7公司的一个用于管理个人资料、用户、产品、API 密钥和设置的平台。 Rapid7 Insight Platform存在安全漏洞,该漏洞源于包含一个授权缺失问题,攻击者可以拦截本地请求以设置新用户组的名称和描述。
CVSS Information
N/A
Vulnerability Type
N/A