PT-2024-21905 · Rapid7 · Rapid7 InsightVM

Author: Sreenath Raghunath
Published: 2024-04-02 · Updated: 2025-02-25
CVE: CVE-2024-2745
CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Rapid7 InsightVM versions prior to 6.6.244

Description
The maintenance mode login page of Rapid7 InsightVM suffers from a sensitive information exposure issue: sensitive information such as passwords, auth tokens, and usernames is exposed through query strings in the URL when a login attempt is made before the page has fully loaded. This allows an attacker to acquire that information.

Recommendations
For versions prior to 6.6.244, update to version 6.6.244 or later to remediate the vulnerability. As a temporary workaround, avoid login attempts before the page has fully loaded to minimize the risk of sensitive information exposure, and restrict access to the maintenance mode login page until the update is applied.
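Because credentials that land in a query string are recorded by web server access logs, proxies, and browser history, a defender will want to check whether the exposure actually occurred on their deployment. The following is an added example, not code from this advisory or from Rapid7: it scans access-log lines in combined log format, flags any request whose URL carries parameter names associated with credentials, and produces a redacted form of the URL that is safe to include in a ticket. The log lines, the parameter-name list and the /maintenance/login path are constructed for the example; the advisory does not state the real endpoint or parameter names, so adjust them to what your own logs show.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names that should never appear in a URL. Constructed list for the
# example; extend it to match the application under review.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "auth_token",
                    "access_token", "username", "user", "login"}

# Request field of a combined-log-format line, e.g. "GET /login?u=a HTTP/1.1".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; the path and values are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Apr/2024:10:15:01 +0000] '
    '"GET /maintenance/login?username=admin&password=S3cret HTTP/1.1" 302 0',
    '10.0.0.5 - - [02/Apr/2024:10:15:07 +0000] '
    '"POST /maintenance/login HTTP/1.1" 302 0',
    '10.0.0.9 - - [02/Apr/2024:10:16:00 +0000] '
    '"GET /maintenance/static/app.js HTTP/1.1" 200 5120',
]


def sensitive_params_in(target):
    """Return the sorted list of sensitive parameter names in the URL's query string."""
    query = urlsplit(target).query
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE_PARAMS)


def redact_target(target):
    """Replace the values of sensitive query parameters so the URL can be quoted safely."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def find_credential_leaks(log_lines):
    """Return (line_number, method, redacted_url, leaked_params) for each
    request whose URL carries a sensitive parameter name."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we understand; skip
        leaked = sensitive_params_in(m.group("target"))
        if leaked:
            hits.append((n, m.group("method"),
                         redact_target(m.group("target")), leaked))
    return hits


if __name__ == "__main__":
    for n, method, url, leaked in find_credential_leaks(SAMPLE_LOG):
        print(f"line {n}: {method} {url} leaks {', '.join(leaked)}")
```

A hit means the credential is already in every log store that saw the request; the appropriate response is to rotate it, not only to patch. Note that the POST on the second sample line is not flagged, because a POST body never enters the URL; the durable fix for this class of exposure is a login form that declares its method as POST in the markup itself rather than depending on script that may not have loaded yet.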

Related Identifiers: CVE-2024-2745

Affected Products: Rapid7 InsightVM