PT-2023-16451 · Rapid7 · Insightvm

Beau Taub · Published 2023-03-20 · Updated 2023-03-23 · CVE-2023-0681

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Rapid7 InsightVM versions 6.6.178 and lower

Description

The issue allows an attacker to redirect the user to a site of their choice using the page parameter of the data/console/redirect component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.

Recommendations

For versions 6.6.178 and lower, update to version 6.6.179 or later to resolve the issue. As a temporary workaround, consider restricting access to the data/console/redirect component of the application until a patch is available. Avoid using the page parameter in the affected component until the issue is resolved.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2023-0681

Affected Products

Insightvm