CVE-2019-5630 - OpenCVE

A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rapid7	Nexpose

Configuration 1 [-]

cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2019-07-03T17:00:55

Updated: 2024-08-04T20:01:51.880Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5630

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-07-03T17:15:10.597

Modified: 2019-10-09T23:51:00.760

Link: CVE-2019-5630

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Nexpose/InsightVM Security Console", "vendor": "Rapid7", "versions": [{"status": "affected", "version": "6.5.0 through 6.5.68"}]}], "credits": [{"lang": "en", "value": "Thanks to Rodney Beede of Rackspace (https://www.rodneybeede.com/) for finding this issue and reporting it to Rapid7. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).\n"}], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request."}], "exploits": [{"lang": "en", "value": "In order to exploit this vulnerability, an attacker would have had to create and host a vulnerable .swf file on their own web server and have the user visit the page that hosts this file. Once the user visits this page, the .swf would run in-browser and cause a 307 redirect, which in turn would direct the victim to the API endpoint and make the CSRF request."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Request Forgery ", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-03T17:00:55", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"}], "solutions": [{"lang": "en", "value": "This issue minimally affects Security Console versions 6.5.0 through 6.5.68. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to 6.5.69 (or later if available)."}], "source": {"advisory": "R7-2019-17", "discovery": "USER"}, "title": "Rapid7 Nexpose/InsightVM Security Console CSRF", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@rapid7.com", "ID": "CVE-2019-5630", "STATE": "PUBLIC", "TITLE": "Rapid7 Nexpose/InsightVM Security Console CSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Nexpose/InsightVM Security Console", "version": {"version_data": [{"version_value": "6.5.0 through 6.5.68"}]}}]}, "vendor_name": "Rapid7"}]}}, "credit": [{"lang": "eng", "value": "Thanks to Rodney Beede of Rackspace (https://www.rodneybeede.com/) for finding this issue and reporting it to Rapid7. It is being disclosed in accordance Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).\n"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request."}]}, "exploit": [{"lang": "en", "value": "In order to exploit this vulnerability, an attacker would have had to create and host a vulnerable .swf file on their own web server and have the user visit the page that hosts this file. Once the user visits this page, the .swf would run in-browser and cause a 307 redirect, which in turn would direct the victim to the API endpoint and make the CSRF request."}], "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Request Forgery "}]}]}, "references": {"reference_data": [{"name": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69", "refsource": "CONFIRM", "url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"}]}, "solution": [{"lang": "en", "value": "This issue minimally affects Security Console versions 6.5.0 through 6.5.68. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to 6.5.69 (or later if available)."}], "source": {"advisory": "R7-2019-17", "discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.880Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5630", "datePublished": "2019-07-03T17:00:55", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-08-04T20:01:51.880Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*", "matchCriteriaId": "690F6F1D-AE3F-4F2D-BEF6-F32C4B93BB07", "versionEndIncluding": "6.5.68", "versionStartIncluding": "6.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability was found in Rapid7 Nexpose InsightVM Security Console versions 6.5.0 through 6.5.68. This issue allows attackers to exploit CSRF vulnerabilities on API endpoints using Flash to circumvent a cross-domain pre-flight OPTIONS request."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de falsificaci\u00f3n de solicitudes en Cross-Site (CSRF) en las versiones 6.5.0 a 6.5.68 de la consola de seguridad InsightVM de Rapid7 Nexpose. Este problema permite a los atacantes aprovechar las vulnerabilidades de CSRF en los puntos finales de la API utilizando Flash para eludir una solicitud de OPCIONES previas al vuelo entre dominios."}], "id": "CVE-2019-5630", "lastModified": "2019-10-09T23:51:00.760", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2019-07-03T17:15:10.597", "references": [{"source": "cve@rapid7.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://help.rapid7.com/nexpose/en-us/release-notes#6.5.69"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}