PT-2023-16451 · Rapid7 · Insightvm
Beau Taub
·
Published
2023-03-20
·
Updated
2023-03-23
·
CVE-2023-0681
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Rapid7 InsightVM versions 6.6.178 and lower
Description
The issue allows an attacker to redirect the user to a site of their choice using the page parameter of the data/console/redirect component of the application. This issue was resolved in the February 2023 release of version 6.6.179.
Recommendations
For versions 6.6.178 and lower, update to version 6.6.179 or later to resolve the issue.
As a temporary workaround, consider restricting access to the
data/console/redirect component of the application until a patch is available.
Avoid using the page parameter in the affected component until the issue is resolved.
Fix
Open Redirect
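As an added illustration (not code from the advisory or from Rapid7), the following Python shows the two checks a defender would want around a redirect endpoint of the kind described above: a validator that accepts only same-origin, path-only values for a page parameter, and a scan of web-server access-log lines for requests to data/console/redirect whose page value points off-site. The log lines, hostnames and IP addresses are constructed samples, and the log format is assumed to be Apache/nginx combined style.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Component and parameter named in the advisory.
REDIRECT_PATH = "/data/console/redirect"
PARAM = "page"

# Matches the request line of a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def is_safe_redirect_target(page: str) -> bool:
    """Accept only a local absolute path such as /console/home.

    Rejects absolute URLs (https://host), protocol-relative //host,
    backslash variants (/\\host, which browsers treat like //host),
    non-http schemes (javascript:) and control characters.
    """
    target = page.strip()
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False
    return target.startswith("/") and not target.startswith("//")


def find_external_redirects(log_lines):
    """Return (line_no, page_value) for redirect requests with an unsafe page value."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        req = urlsplit(m.group("target"))
        if req.path != REDIRECT_PATH:
            continue
        for value in parse_qs(req.query).get(PARAM, []):  # parse_qs URL-decodes once
            if not is_safe_redirect_target(value):
                hits.append((line_no, value))
    return hits


# Constructed sample log: one legitimate redirect, two off-site targets, one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Mar/2023:10:00:00 +0000] "GET /data/console/redirect?page=/console/home HTTP/1.1" 302 0',
    '10.0.0.9 - - [20/Mar/2023:10:00:02 +0000] "GET /data/console/redirect?page=https://external.example/login HTTP/1.1" 302 0',
    '10.0.0.9 - - [20/Mar/2023:10:00:03 +0000] "GET /data/console/redirect?page=%2F%2Fexternal.example HTTP/1.1" 302 0',
    '10.0.0.7 - - [20/Mar/2023:10:00:04 +0000] "GET /api/3/assets HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, value in find_external_redirects(SAMPLE_LOG):
        print(f"line {line_no}: off-site redirect target {value!r}")
```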
Weakness Enumeration
Related Identifiers
Affected Products
Insightvm