Auth bypass in Rapid7 Insight Platform
CVE-2024-11401
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings…
Vulnerability class: Broken Access Control
EPSS: 0.003 (23.4th percentile)
Affected products
- Rapid7 Insight Platform — versions before November 13th
Weakness classification (CWE)
Public proof-of-concept exploits
References
Frequently asked questions
- What is CVE-2024-11401?
- CVE-2024-11401 is a vulnerability in Rapid7 Insight Platform, classified under Missing Authorization. Published 2024-12-11.
- Is CVE-2024-11401 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.