CVE-2023-0681

Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attackers choice using the page parameter of the data/console/redirect component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
rapid7CNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
rapid7insightvm
𝑥
< 6.6.179
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://docs.rapid7.com/release-notes/nexpose/20230208/
https://docs.rapid7.com/release-notes/nexpose/20230208/