Description
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the browser's inspect element feature to remove the login panel and view the details available in the last webpage visited by the previous user.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 6.6.114 (exclusive)
cpe:2.3:a:rapid7:nexpose:*:*:*:*:*:*:*:*
EPSS
Percentile: 38%
0.00171
Low
3.3 Low
CVSS3
5.3 Medium
CVSS3
5 Medium
CVSS2
Weaknesses
CWE-200
CWE-200
Related vulnerabilities
CVSS3: 5.3
github
about 4 years ago
Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the browser's inspect element feature to remove the login panel and view the details available in the last webpage visited by the previous user.