CVE-2019-5641 - Vulnerability Details

Vendors	Products
Rapid7	Insightvm

Link	Providers
https://docs.rapid7.com/release-notes/insightvm/20220830/

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "InsightVM", "vendor": "Rapid7", "versions": [{"lessThanOrEqual": "6.6.160", "status": "affected", "version": "6.6.160", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "datePublic": "2022-08-30T00:00:00", "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Information Exposure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-21T14:45:14", "orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}], "source": {"discovery": "UNKNOWN"}, "title": "Rapid7 InsightVM Information Disclosure after Logout", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "cve@rapid7.com", "DATE_PUBLIC": "2022-08-30T09:00:00.000Z", "ID": "CVE-2019-5641", "STATE": "PUBLIC", "TITLE": "Rapid7 InsightVM Information Disclosure after Logout"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "InsightVM", "version": {"version_data": [{"platform": "", "version_affected": "<=", "version_name": "6.6.160", "version_value": "6.6.160"}]}}]}, "vendor_name": "Rapid7"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Ashutosh Barot reported this vulnerability to Rapid7"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200 Information Exposure"}]}]}, "references": {"reference_data": [{"name": "https://docs.rapid7.com/release-notes/insightvm/20220830/", "refsource": "CONFIRM", "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}]}, "solution": [], "source": {"advisory": "", "defect": [], "discovery": "UNKNOWN"}, "work_around": []}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:52.221Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}]}]}, "cveMetadata": {"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "assignerShortName": "rapid7", "cveId": "CVE-2019-5641", "datePublished": "2022-09-21T14:45:14.786601Z", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-09-16T19:40:19.195Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : InsightVM (string)

vendor : Rapid7 (string)

versions : [ »

0 : { »

lessThanOrEqual : 6.6.160 (string)

status : affected (string)

version : 6.6.160 (string)

versionType : custom (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Ashutosh Barot reported this vulnerability to Rapid7 (string)

}

]

datePublic : 2022-08-30T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 3.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-200 (string)

description : CWE-200 Information Exposure (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2022-09-21T14:45:14 (string)

orgId : 9974b330-7714-4307-a722-5648477acda7 (string)

shortName : rapid7 (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://docs.rapid7.com/release-notes/insightvm/20220830/ (string)

}

]

source : { »

discovery : UNKNOWN (string)

}

title : Rapid7 InsightVM Information Disclosure after Logout (string)

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

AKA : (string)

ASSIGNER : cve@rapid7.com (string)

DATE_PUBLIC : 2022-08-30T09:00:00.000Z (string)

ID : CVE-2019-5641 (string)

STATE : PUBLIC (string)

TITLE : Rapid7 InsightVM Information Disclosure after Logout (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : InsightVM (string)

version : { »

version_data : [ »

0 : { »

platform : (string)

version_affected : <= (string)

version_name : 6.6.160 (string)

version_value : 6.6.160 (string)

}

]

}

]

}

vendor_name : Rapid7 (string)

}

]

}

configuration : [ *empty* ]

credit : [ »

0 : { »

lang : eng (string)

value : Ashutosh Barot reported this vulnerability to Rapid7 (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user (string)

}

]

}

exploit : [ *empty* ]

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 3.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-200 Information Exposure (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://docs.rapid7.com/release-notes/insightvm/20220830/ (string)

refsource : CONFIRM (string)

url : https://docs.rapid7.com/release-notes/insightvm/20220830/ (string)

}

]

}

solution : [ *empty* ]

source : { »

advisory : (string)

defect : [ *empty* ]

discovery : UNKNOWN (string)

}

work_around : [ *empty* ]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T20:01:52.221Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://docs.rapid7.com/release-notes/insightvm/20220830/ (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9974b330-7714-4307-a722-5648477acda7 (string)

assignerShortName : rapid7 (string)

cveId : CVE-2019-5641 (string)

datePublished : 2022-09-21T14:45:14.786601Z (string)

dateReserved : 2019-01-07T00:00:00 (string)

dateUpdated : 2024-09-16T19:40:19.195Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*", "matchCriteriaId": "92D55F81-2863-4161-A9BE-D9845CEA085F", "versionEndIncluding": "6.6.160", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}, {"lang": "es", "value": "Rapid7 InsightVM sufre un problema de exposici\u00f3n de informaci\u00f3n por el que, cuando la sesi\u00f3n del usuario ha finalizado por inactividad, un atacante puede usar la funci\u00f3n del navegador Inspect Element para eliminar el panel de acceso y visualizar los detalles disponibles en la \u00faltima p\u00e1gina web visitada por el usuario anterior"}], "id": "CVE-2019-5641", "lastModified": "2024-11-21T04:45:17.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cve@rapid7.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-21T15:15:10.243", "references": [{"source": "cve@rapid7.com", "tags": ["Vendor Advisory"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://docs.rapid7.com/release-notes/insightvm/20220830/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 92D55F81-2863-4161-A9BE-D9845CEA085F (string)

versionEndIncluding : 6.6.160 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user (string)

}

1 : { »

lang : es (string)

value : Rapid7 InsightVM sufre un problema de exposición de información por el que, cuando la sesión del usuario ha finalizado por inactividad, un atacante puede usar la función del navegador Inspect Element para eliminar el panel de acceso y visualizar los detalles disponibles en la última página web visitada por el usuario anterior (string)

}

]

id : CVE-2019-5641 (string)

lastModified : 2024-11-21T04:45:17.407 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 3.3 (number)

baseSeverity : LOW (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 1.4 (number)

source : cve@rapid7.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2022-09-21T15:15:10.243 (string)

references : [ »

0 : { »

source : cve@rapid7.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://docs.rapid7.com/release-notes/insightvm/20220830/ (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://docs.rapid7.com/release-notes/insightvm/20220830/ (string)

}

]

sourceIdentifier : cve@rapid7.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-200 (string)

}

]

source : cve@rapid7.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-613 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object