CVE-2019-5647

Name of the Vulnerable Software and Affected Versions Rapid7 AppSpider versions 3.8.213 and prior

Description The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not.

Recommendations For versions 3.8.213 and prior, update to version 3.8.215 to resolve the issue. As a temporary workaround, consider manually closing all browser sessions after recording a macro to minimize the risk of exploitation.