Insight Platform

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:rapid7:insight_platform:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorRapid7 (d570a41c-9d2a-5057-8a47-227f116734f8)
ProductInsight Platform (386286fe-fa09-5476-89a9-4cb416b28887)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-8042 vulnerable 2026-06-03 14:58:08.011509 Rapid7 Insight Platform Unauthorized Empty Group Creation
LOW (2.4)
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.
Published: 2024-09-09T15:02:38.681Z
Updated: 2024-09-09T17:12:45.623Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-11401 vulnerable 2026-06-03 14:54:14.118364 Rapid7 Insight Platform Privilege Escalation Vulnerability
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024.
Published: 2024-12-11T09:46:29.398Z
Updated: 2024-12-11T15:08:28.354Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.