Rapid7 InsightVM
Approved changes feed: RSS · Atom
cpe:2.3:a:rapid7:insightvm:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Rapid7 (d570a41c-9d2a-5057-8a47-227f116734f8) |
|---|---|
| Product | Insightvm (c2f9a717-7bb7-59d8-aa34-4711617cf1f6) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-3185 |
vulnerable | 2026-06-03 14:56:23.663332 |
Rapid7 Insight Agent Sensitive Key Exposed To Local Users
MEDIUM (6.8)
A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent.
Published: 2024-04-23T08:39:03.387Z
Updated: 2024-08-01T20:05:08.199Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.