PT-2021-9120 · Rapid7 · Rapid7 Nexpose

Ashutosh Barot · Published 2021-11-22 · Updated 2024-09-17 · CVE-2019-5640

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions prior to 6.6.114

Description: The issue allows an attacker to obtain information after a user's session has ended due to inactivity. When the session expires, a login panel is shown over the last page the previous user visited instead of that page being cleared. Using the browser's inspect element feature, an attacker can remove the login panel and view the details that remain on that page.

Recommendations: For versions prior to 6.6.114, update to version 6.6.114 or later to resolve the issue. As a temporary workaround, consider implementing a shorter session timeout to minimize the window of opportunity for an attacker to exploit the issue. Additionally, restrict access to the inspect element browser feature to minimize the risk of exploitation.
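The two client-side behaviours the description contrasts, as an added example that is not Rapid7's or Nexpose's code: a timeout handler that overlays a login panel on the page that was open (the previous user's data stays in the DOM underneath it) next to a hardened handler that removes the content, clears client-side state and navigates to the login page. The example assumes a single-page application with an `app-content` container, uses a constructed stand-in for the DOM so it runs under Node, and takes a `navigate` callback so the outcome can be checked without a browser.

```javascript
// Added example (not Rapid7's code): two ways a single-page application can
// react to an idle-session timeout, and a check that tells them apart.
//
// Weak pattern (the behaviour the advisory describes): a login panel is
// appended on top of the page that was open, so the previous user's data is
// still in the DOM underneath it and becomes readable once the panel node is gone.
//
// Hardened pattern: the application content is removed from the DOM, client-
// side caches are cleared, and the client performs a full navigation to the
// login page, so nothing from the expired session survives in the browser.
// The server must still invalidate the session id itself; that part is outside
// this client-side example.

// Minimal constructed stand-in for the DOM API used below, so the file runs
// under Node. In a browser, pass `document` instead of makeFakeDocument().
function makeFakeDocument() {
  const byId = new Map();
  const body = { children: [] };
  body.appendChild = (el) => {
    el.parent = body;
    body.children.push(el);
    if (el.id) byId.set(el.id, el);
  };
  return {
    body,
    createElement(tag) {
      const el = { tag, id: '', textContent: '', parent: null };
      el.remove = () => {
        if (!el.parent) return;
        el.parent.children = el.parent.children.filter((c) => c !== el);
        byId.delete(el.id);
        el.parent = null;
      };
      return el;
    },
    getElementById(id) {
      return byId.get(id) || null;
    },
  };
}

// Render the page the previous user was looking at: one container holding
// data that must not outlive the session (hypothetical asset listing).
function renderAppPage(doc, sensitiveText) {
  const content = doc.createElement('div');
  content.id = 'app-content';
  content.textContent = sensitiveText;
  doc.body.appendChild(content);
}

// Weak timeout handler: overlay a login panel, leave everything else as is.
function onTimeoutWeak(doc) {
  const panel = doc.createElement('div');
  panel.id = 'login-panel';
  panel.textContent = 'Session expired, please log in again';
  doc.body.appendChild(panel);
}

// Hardened timeout handler: wipe the content, clear caches, navigate away.
// `state` is the app's in-memory store; `navigate` is injected so the result
// can be observed here (in a browser: (url) => window.location.replace(url)).
function onTimeoutHardened(doc, state, navigate) {
  const content = doc.getElementById('app-content');
  if (content) content.remove();
  for (const key of Object.keys(state)) delete state[key];
  navigate('/login');
}

// Review check: after the timeout handler ran, is the previous user's page
// content still present in the DOM (and therefore readable)?
function sessionDataStillInDom(doc) {
  const content = doc.getElementById('app-content');
  return content !== null && content.textContent.length > 0;
}

// Run both handlers against the same starting page and report the outcome.
function compareTimeoutHandlers() {
  // Constructed sample content standing in for a scan result page.
  const sample = 'constructed sample: 10.0.0.5 (web-01) 3 critical findings';

  const weakDoc = makeFakeDocument();
  renderAppPage(weakDoc, sample);
  onTimeoutWeak(weakDoc);

  const hardDoc = makeFakeDocument();
  const state = { lastScan: sample };
  let target = null;
  renderAppPage(hardDoc, sample);
  onTimeoutHardened(hardDoc, state, (url) => { target = url; });

  return {
    weakExposesData: sessionDataStillInDom(weakDoc),
    hardenedExposesData: sessionDataStillInDom(hardDoc),
    hardenedClearedState: Object.keys(state).length === 0,
    hardenedNavigatedTo: target,
  };
}

console.log(compareTimeoutHandlers());
```

Run it with `node` to see the weak handler report the data still present and the hardened handler report it gone. In a real application the hardened handler is only half of the fix: the server has to invalidate the session id at the same time, otherwise any request the stale page could still issue would succeed even after the content was removed client-side.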

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2019-5640

Affected Products: Rapid7 Nexpose