CVE-2019-5642
3.3LOWRapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permi
Опубликовано: 11/6/2019Обновлено: 11/21/2024
Описание
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
ИИ-АнализНа базе ИИ
Затронутые продукты
rapid7metasploit
rapid7metasploit
4.16.0
rapid7metasploit
4.16.0
rapid7metasploit
4.16.0
rapid7metasploit
4.16.0
Ссылки
- https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001Release NotesVendor Advisory
- https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001Release NotesVendor Advisory