CVE-2019-5641— Rapid7 InsightVM Information Disclosure after Logout

Rapid7 InsightVM Information Disclosure after Logout

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

信息暴露

Rapid7 InsightVM 代码问题漏洞

Rapid7 InsightVM是美国Rapid7公司的一款漏洞扫描和管理应用程序。 Rapid7 InsightVM存在安全漏洞，该漏洞源于存在信息泄露问题，当用户会话因不活动而结束时，攻击者可以使用Inspect Element浏览器功能删除登录面板并查看上一个用户访问的最后一个网页中可用的详细信息。

N/A

N/A