Rapid7 · Rapid7 Nexpose · CVE-2021-31868
Name of the Vulnerable Software and Affected Versions:
Rapid7 Nexpose versions 6.6.95 and earlier
Description:
The issue allows authenticated users of the Security Console to view and edit any ticket in the legacy ticketing feature, regardless of the assignment of the ticket. This was resolved in version 6.6.96.
Recommendations:
For versions 6.6.95 and earlier, update to version 6.6.96 or later to resolve the issue. As a temporary workaround, consider restricting access to the legacy ticketing feature in the Security Console until the update is applied.