CVE-2019-5641 - OpenCVE

Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rapid7	Insightvm

Configuration 1 [-]

cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://docs.rapid7.com/release-notes/insightvm/20220830/

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2022-09-21T14:45:14.786601Z

Updated: 2024-09-16T19:40:19.195Z

Reserved: 2019-01-07T00:00:00

Link: CVE-2019-5641

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-09-21T15:15:10.243

Modified: 2022-09-23T15:10:21.803

Link: CVE-2019-5641

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "InsightVM", "vendor": "Rapid7", "versions": [{"lessThanOrEqual": "6.6.160", "status": "affected", "version": "6.6.160", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "datePublic": "2022-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T14:45:14", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}], "source": {"discovery": "UNKNOWN"}, "title": "Rapid7 InsightVM Information Disclosure after Logout", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2022-08-30T09:00:00.000Z", "ID": "CVE-2019-5641", "STATE": "PUBLIC", "TITLE": "Rapid7 InsightVM Information Disclosure after Logout"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InsightVM", "version": {"version_data": [{"platform": "", "version_affected": "<=", "version_name": "6.6.160", "version_value": "6.6.160"}]}}]}, "vendor_name": "Rapid7"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://docs.rapid7.com/release-notes/insightvm/20220830/", "refsource": "CONFIRM", "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "UNKNOWN"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.221Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5641", "datePublished": "2022-09-21T14:45:14.786601Z", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-09-16T19:40:19.195Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D55F81-2863-4161-A9BE-D9845CEA085F", "versionEndIncluding": "6.6.160", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}, {"lang": "es", "value": "Rapid7 InsightVM sufre un problema de exposici\u00f3n de informaci\u00f3n por el que, cuando la sesi\u00f3n del usuario ha finalizado por inactividad, un atacante puede usar la funci\u00f3n del navegador Inspect Element para eliminar el panel de acceso y visualizar los detalles disponibles en la \u00faltima p\u00e1gina web visitada por el usuario anterior"}], "id": "CVE-2019-5641", "lastModified": "2022-09-23T15:10:21.803", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2022-09-21T15:15:10.243", "references": [{"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve@rapid7.com", "type": "Secondary"}]}