CVE-2023-0681
CVSS V2 None
CVSS V3 None
Description
Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.
Overview
- CVE ID
- CVE-2023-0681
- Assigner
- cve@rapid7.con
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-20T20:15:52
- Last Modified Date
- 2023-03-23T19:06:55
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:* | 1 | OR | 6.6.179 |
References
| Reference URL | Reference Tags |
|---|---|
| https://docs.rapid7.com/release-notes/nexpose/20230208/ | Release Notes |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0681 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0681 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 03:00:39 | Added to TrackCVE | |||
| 2023-04-17 03:00:42 | Weakness Enumeration | new |