CVE-2024-8042 — LOW (2.4) — White Hats Nepal

Q: How severe is CVE-2024-8042?

CVE-2024-8042 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-8042?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Insight Platform.

Vulnerability Description

Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. This could potentially lead to an empty user group being added to the incorrect customer. This vulnerability is remediated as of August 14, 2024.

CVSS Score

2.4

LOW

CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Rapid7	Insight Platform	>= 2019-11-01, < 2024-08-14

Related Weaknesses (CWE)

CWE-862

References

https://cwe.mitre.org/data/definitions/862.htmlNot Applicable

FAQ

What is CVE-2024-8042?

CVE-2024-8042 is a vulnerability with a CVSS score of 2.4 (LOW). Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of ...

How severe is CVE-2024-8042?

CVE-2024-8042 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-8042?

Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Insight Platform.