Vulnerabilities related to rapid7 - metasploit
Vulnerability from fkie_nvd
Published
2017-03-02 20:59
Modified
2025-04-20 01:37
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B5DBE6-9BC1-47DD-9F27-AAED6E2E9501",
              "versionEndIncluding": "4.13.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
    },
    {
      "lang": "es",
      "value": "Todas las ediciones de Rapid7 Metasploit anteriores a la versi\u00f3n 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la funci\u00f3n Meterpreter extapi Clipboard.parse_dump(). Utilizando una construcci\u00f3n de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecuci\u00f3n."
    }
  ],
  "id": "CVE-2017-5229",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-02T20:59:00.500",
  "references": [
    {
      "source": "cve@rapid7.com",
      "url": "http://www.securityfocus.com/bid/96954"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-25 18:15
Modified
2024-11-21 05:37
Summary
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset.
Impacted products
Vendor Product Version
rapid7 metasploit *
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "B4607DF8-1406-428E-AF03-04D3EFE8586D",
              "versionEndExcluding": "4.17.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:-:*:*:pro:*:*:*",
              "matchCriteriaId": "8E047784-19E4-4178-89BD-8F0E6C30DA94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170221:*:*:pro:*:*:*",
              "matchCriteriaId": "E4C55046-26E4-4BE3-9CFA-42DC05F782BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170323:*:*:pro:*:*:*",
              "matchCriteriaId": "2D34B5C5-499B-4F42-86E8-22D978DF8806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170405:*:*:pro:*:*:*",
              "matchCriteriaId": "3CBE5966-C31E-4C9F-B2FE-7CDEBD1BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170419:*:*:pro:*:*:*",
              "matchCriteriaId": "548C348D-339C-44F7-B755-9F7A13B522E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170510:*:*:pro:*:*:*",
              "matchCriteriaId": "CD803A97-AF04-492F-BC1C-A2246BA3DFDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170518:*:*:pro:*:*:*",
              "matchCriteriaId": "1D7613E2-195A-4B82-9E44-8DA13E3D8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170530:*:*:pro:*:*:*",
              "matchCriteriaId": "F7CA753B-D800-4897-850B-0E16A6AB5D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170613:*:*:pro:*:*:*",
              "matchCriteriaId": "ACEF56C3-AD1B-49C1-BE2A-EBB31B24D024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170627:*:*:pro:*:*:*",
              "matchCriteriaId": "F0801B0E-C4F4-4B92-BFE8-030F6177449A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170718:*:*:pro:*:*:*",
              "matchCriteriaId": "57CD1F31-5102-4D6C-8380-394A2D3E04E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170731:*:*:pro:*:*:*",
              "matchCriteriaId": "C3C90EF9-9370-4240-83FC-BEF54ECFBB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170816:*:*:pro:*:*:*",
              "matchCriteriaId": "3777FB35-0AE3-4EB5-988C-08CE20E8AB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170828:*:*:pro:*:*:*",
              "matchCriteriaId": "645837BA-4122-4B3A-A638-F92894CB0F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170914:*:*:pro:*:*:*",
              "matchCriteriaId": "80CE6808-487E-4B67-B617-2FC69201C676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170926:*:*:pro:*:*:*",
              "matchCriteriaId": "13EF0494-CE9E-4B63-9D2E-2AFB3512BAC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171009:*:*:pro:*:*:*",
              "matchCriteriaId": "41AC3FDB-AEB9-4B6F-81EB-A4EE7FCD2957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171030:*:*:pro:*:*:*",
              "matchCriteriaId": "22BF97B2-EF2A-4DD9-81E9-2806731F5A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171115:*:*:pro:*:*:*",
              "matchCriteriaId": "5233FFC8-D110-414F-AA4E-F5AF7C74F585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171129:*:*:pro:*:*:*",
              "matchCriteriaId": "D63C9642-EEEA-4B2C-9C6E-9ABBFD9DCBCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171206:*:*:pro:*:*:*",
              "matchCriteriaId": "63FFB33E-717C-4C6F-8D66-9C9F1C940D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171220:*:*:pro:*:*:*",
              "matchCriteriaId": "6768BA01-C0FB-49E2-8A61-28929C2B1B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180108:*:*:pro:*:*:*",
              "matchCriteriaId": "1866B819-707E-432D-92EA-3AA1F347DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180124:*:*:pro:*:*:*",
              "matchCriteriaId": "BDDCD2E4-6853-41CE-A07A-2F028E72DFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180206:*:*:pro:*:*:*",
              "matchCriteriaId": "B3D2C4BF-B825-4890-B2DB-D20FD6756B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180301:*:*:pro:*:*:*",
              "matchCriteriaId": "76DB58D7-1B47-4817-9D06-E5656B1331F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180312:*:*:pro:*:*:*",
              "matchCriteriaId": "8FF30D6E-0765-4271-A040-235E3B33503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180327:*:*:pro:*:*:*",
              "matchCriteriaId": "85DD6D65-CE57-4A3A-9193-CD82CCD4BDBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180410:*:*:pro:*:*:*",
              "matchCriteriaId": "9F1B811A-7790-4407-B910-0C70927F7D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180501:*:*:pro:*:*:*",
              "matchCriteriaId": "EE7DFBE8-5ABE-4C67-A85D-8D37E206E51C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180511:*:*:pro:*:*:*",
              "matchCriteriaId": "E3D1BBDD-D3FD-4F3D-9279-46EDF96FE317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180526:*:*:pro:*:*:*",
              "matchCriteriaId": "488C3810-3393-4817-87DB-0E2CD2CA3969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180618:*:*:pro:*:*:*",
              "matchCriteriaId": "9E00DD73-1F9B-4944-907E-F1773316B63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180704:*:*:pro:*:*:*",
              "matchCriteriaId": "57966911-0CFC-4355-9B08-2F2688302F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180716:*:*:pro:*:*:*",
              "matchCriteriaId": "8439D629-F7F0-4ADA-9BC6-2E3E34220CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180727:*:*:pro:*:*:*",
              "matchCriteriaId": "A26FBA32-4114-42EB-9427-254AB3B9F06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180813:*:*:pro:*:*:*",
              "matchCriteriaId": "4A6AE478-FC91-4A4A-9CB0-7BD29ED42E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180827:*:*:pro:*:*:*",
              "matchCriteriaId": "A21F2F21-3970-4F75-B72B-D939F35448BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180907:*:*:pro:*:*:*",
              "matchCriteriaId": "A0FD1D96-50EA-47E8-997B-CE6B1E58BADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180924:*:*:pro:*:*:*",
              "matchCriteriaId": "31FC17EF-B89B-48A2-9196-5E2DA5A2D118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181009:*:*:pro:*:*:*",
              "matchCriteriaId": "1BB88831-3170-453D-B416-E1F962F8AD6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181022:*:*:pro:*:*:*",
              "matchCriteriaId": "1BBF5DA5-B318-436B-8071-A617B99E0637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181105:*:*:pro:*:*:*",
              "matchCriteriaId": "BBD348EF-91F5-4C02-BD98-ABA902131183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181130:*:*:pro:*:*:*",
              "matchCriteriaId": "8FE78790-13DE-43F6-80C2-3F85FF6E16E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181215:*:*:pro:*:*:*",
              "matchCriteriaId": "BFA0AEAD-9A25-4659-802F-BB56C68847BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190108:*:*:pro:*:*:*",
              "matchCriteriaId": "1009C89A-D461-4BFF-A91B-24B7D0E17297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190118:*:*:pro:*:*:*",
              "matchCriteriaId": "CA03DBAA-EE97-4D73-9454-13FA73F021E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190201:*:*:pro:*:*:*",
              "matchCriteriaId": "24DF8346-A21D-44C7-A491-A58099B4D88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190219:*:*:pro:*:*:*",
              "matchCriteriaId": "8B38D653-F840-49FA-B4FA-7C23A101E77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190303:*:*:pro:*:*:*",
              "matchCriteriaId": "67D0992D-FF74-4F93-A00B-BB4EC0F8A51E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190319:*:*:pro:*:*:*",
              "matchCriteriaId": "3909F140-EB22-4D05-8576-4C7445A183DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190331:*:*:pro:*:*:*",
              "matchCriteriaId": "2610F4B9-0739-4AE8-B4C2-E8578F0466E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190416:*:*:pro:*:*:*",
              "matchCriteriaId": "2EA3D971-ECBC-4810-AE61-3167BD3D7F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190426:*:*:pro:*:*:*",
              "matchCriteriaId": "E2FBED6C-4BDA-4AE2-999F-5D3063B90D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190513:*:*:pro:*:*:*",
              "matchCriteriaId": "51571BCC-8621-4D0F-AE45-DAFF5AD9099A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190603:*:*:pro:*:*:*",
              "matchCriteriaId": "35266B59-E489-4BF8-ABA5-1B07B3A3B9D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190607:*:*:pro:*:*:*",
              "matchCriteriaId": "737684B7-E4EC-46E6-981E-97CDFDEE6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190626:*:*:pro:*:*:*",
              "matchCriteriaId": "C46B768B-11A8-473E-8532-AF7230F5390C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190722:*:*:pro:*:*:*",
              "matchCriteriaId": "8DA7A63D-9416-4572-81A1-52D8247EAF15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190805:*:*:pro:*:*:*",
              "matchCriteriaId": "26989ACB-F823-47AF-825C-ACEFC77A5ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190819:*:*:pro:*:*:*",
              "matchCriteriaId": "E99A1FF5-59C8-4471-A5F4-F6B39CCD5EB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190910:*:*:pro:*:*:*",
              "matchCriteriaId": "89361CC7-C9C3-4DD6-A812-ACEA2FD9D3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190930:*:*:pro:*:*:*",
              "matchCriteriaId": "F87117F9-9B8D-4267-9CA1-98FEFA00DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191014:*:*:pro:*:*:*",
              "matchCriteriaId": "4510FB72-A61D-4998-9C7B-B368ACADC2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191030:*:*:pro:*:*:*",
              "matchCriteriaId": "751D173E-BD8C-40DC-A033-52894F665A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191108:*:*:pro:*:*:*",
              "matchCriteriaId": "F28F93F4-EF56-4C56-A34F-3582992039F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191209:*:*:pro:*:*:*",
              "matchCriteriaId": "536EAD48-FCF6-46A0-B8C6-58CB07E6F689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200113:*:*:pro:*:*:*",
              "matchCriteriaId": "6972D3C6-BBA2-4420-BF7C-F5B0B155E70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200122:*:*:pro:*:*:*",
              "matchCriteriaId": "7031F096-9223-481D-A024-6EFB55C6333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200131:*:*:pro:*:*:*",
              "matchCriteriaId": "7BF37270-5ABF-4BF0-AC39-78E36E7DFBC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200218:*:*:pro:*:*:*",
              "matchCriteriaId": "B4FC8A3F-0F5D-4E34-8E69-7CA66F3ECC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200302:*:*:pro:*:*:*",
              "matchCriteriaId": "E69CD84D-9AD9-42EE-8117-CEE86D04B6C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200318:*:*:pro:*:*:*",
              "matchCriteriaId": "E6DBB703-B54E-4E16-964A-77356540891C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200330:*:*:pro:*:*:*",
              "matchCriteriaId": "BD215E6E-94E9-45CC-9E03-7458FDABFA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200413:*:*:pro:*:*:*",
              "matchCriteriaId": "2333BC4C-CB58-4BA1-ACD2-CDC308DB7B1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site Scripting (XSS) vulnerability in the \u0027notes\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated \u0027host\u0027 field of a discovered scan asset."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en el campo \"notes\" de un activo de escaneo detectado en Rapid7 Metasploit Pro, permite a un atacante con un servicio de red especialmente dise\u00f1ado de un objetivo de escaneo almacenar una secuencia de tipo XSS en la consola de Metasploit Pro, que se activar\u00e1 cuando el operador visualiza el registro de ese host escaneado en la interfaz de Metasploit Pro. Este problema afecta a Rapid7 Metasploit Pro versi\u00f3n 4.17.1-20200427 y versiones anteriores, y es corregido en Metasploit Pro versi\u00f3n 4.17.1-20200514. Consulte tambi\u00e9n CVE-2020-7354, que describe un problema similar, pero involucrando el campo \"host\" generado de un activo de escaneo detectado"
    }
  ],
  "id": "CVE-2020-7355",
  "lastModified": "2024-11-21T05:37:06.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.2,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-25T18:15:12.410",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-15 14:29
Modified
2025-04-20 01:37
Summary
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B5DBE6-9BC1-47DD-9F27-AAED6E2E9501",
              "versionEndIncluding": "4.13.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
    },
    {
      "lang": "es",
      "value": "Las rutas empleadas para dejar de ejecutar tareas de Metasploit (espec\u00edficas o todas) permit\u00edan peticiones GET. Solo deber\u00edan haberse permitido las peticiones POST, ya que las rutas stop/stop_all cambian el estado del servicio. Esto podr\u00eda haber permitido que un atacante detenga las tareas de Metasploit actualmente en ejecuci\u00f3n haciendo que un usuario autenticado ejecute JavaScript. En Metasploit 4.14.0 (Update 2017061301), las rutas para detener tareas solo permiten peticiones POST, que validan la presencia de un token secreto para evitar ataques Cross-Site Request Forgery (CSRF)."
    }
  ],
  "id": "CVE-2017-5244",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 3.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-15T14:29:00.213",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99082"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-30 17:29
Modified
2024-11-21 04:45
Summary
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "006185B3-4A66-4A98-A991-831DCCA0C619",
              "versionEndIncluding": "4.14.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."
    },
    {
      "lang": "es",
      "value": "Rapid7 Metasploit Framework padece de una situaci\u00f3n de CWE-22, limitaci\u00f3n inapropiada de un Pathname a un directorio restringido (\u0027Path Traversal\u0027) en la funci\u00f3n Zip import de Metasploit. La operaci\u00f3n de esta vulnerabilidad puede permitir a un atacante ejecutar c\u00f3digo arbitrario en Metasploit desde el nivel de privilegio del usuario que ejecuta Metasploit. Este problema afecta a: Rapid7 Metasploit Framework versi\u00f3n 4.14.0 y versiones anteriores."
    }
  ],
  "id": "CVE-2019-5624",
  "lastModified": "2024-11-21T04:45:15.610",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 5.8,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-30T17:29:01.087",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/11716"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/11716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-03-02 20:59
Modified
2025-04-20 01:37
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B5DBE6-9BC1-47DD-9F27-AAED6E2E9501",
              "versionEndIncluding": "4.13.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
    },
    {
      "lang": "es",
      "value": "Todas las ediciones de Rapid7 Metasploit anteriores a la versi\u00f3n 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la funci\u00f3n Meterpreter stdapi Dir.download(). Utilizando una construcci\u00f3n de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecuci\u00f3n."
    }
  ],
  "id": "CVE-2017-5228",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-02T20:59:00.267",
  "references": [
    {
      "source": "cve@rapid7.com",
      "url": "http://www.securityfocus.com/bid/96954"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-25 18:15
Modified
2024-11-21 05:37
Summary
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset.
Impacted products
Vendor Product Version
rapid7 metasploit *
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1
rapid7 metasploit 4.17.1



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "B4607DF8-1406-428E-AF03-04D3EFE8586D",
              "versionEndExcluding": "4.17.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:-:*:*:pro:*:*:*",
              "matchCriteriaId": "8E047784-19E4-4178-89BD-8F0E6C30DA94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170221:*:*:pro:*:*:*",
              "matchCriteriaId": "E4C55046-26E4-4BE3-9CFA-42DC05F782BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170323:*:*:pro:*:*:*",
              "matchCriteriaId": "2D34B5C5-499B-4F42-86E8-22D978DF8806",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170405:*:*:pro:*:*:*",
              "matchCriteriaId": "3CBE5966-C31E-4C9F-B2FE-7CDEBD1BC9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170419:*:*:pro:*:*:*",
              "matchCriteriaId": "548C348D-339C-44F7-B755-9F7A13B522E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170510:*:*:pro:*:*:*",
              "matchCriteriaId": "CD803A97-AF04-492F-BC1C-A2246BA3DFDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170518:*:*:pro:*:*:*",
              "matchCriteriaId": "1D7613E2-195A-4B82-9E44-8DA13E3D8CDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170530:*:*:pro:*:*:*",
              "matchCriteriaId": "F7CA753B-D800-4897-850B-0E16A6AB5D99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170613:*:*:pro:*:*:*",
              "matchCriteriaId": "ACEF56C3-AD1B-49C1-BE2A-EBB31B24D024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170627:*:*:pro:*:*:*",
              "matchCriteriaId": "F0801B0E-C4F4-4B92-BFE8-030F6177449A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170718:*:*:pro:*:*:*",
              "matchCriteriaId": "57CD1F31-5102-4D6C-8380-394A2D3E04E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170731:*:*:pro:*:*:*",
              "matchCriteriaId": "C3C90EF9-9370-4240-83FC-BEF54ECFBB04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170816:*:*:pro:*:*:*",
              "matchCriteriaId": "3777FB35-0AE3-4EB5-988C-08CE20E8AB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170828:*:*:pro:*:*:*",
              "matchCriteriaId": "645837BA-4122-4B3A-A638-F92894CB0F5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170914:*:*:pro:*:*:*",
              "matchCriteriaId": "80CE6808-487E-4B67-B617-2FC69201C676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20170926:*:*:pro:*:*:*",
              "matchCriteriaId": "13EF0494-CE9E-4B63-9D2E-2AFB3512BAC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171009:*:*:pro:*:*:*",
              "matchCriteriaId": "41AC3FDB-AEB9-4B6F-81EB-A4EE7FCD2957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171030:*:*:pro:*:*:*",
              "matchCriteriaId": "22BF97B2-EF2A-4DD9-81E9-2806731F5A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171115:*:*:pro:*:*:*",
              "matchCriteriaId": "5233FFC8-D110-414F-AA4E-F5AF7C74F585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171129:*:*:pro:*:*:*",
              "matchCriteriaId": "D63C9642-EEEA-4B2C-9C6E-9ABBFD9DCBCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171206:*:*:pro:*:*:*",
              "matchCriteriaId": "63FFB33E-717C-4C6F-8D66-9C9F1C940D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20171220:*:*:pro:*:*:*",
              "matchCriteriaId": "6768BA01-C0FB-49E2-8A61-28929C2B1B1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180108:*:*:pro:*:*:*",
              "matchCriteriaId": "1866B819-707E-432D-92EA-3AA1F347DAED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180124:*:*:pro:*:*:*",
              "matchCriteriaId": "BDDCD2E4-6853-41CE-A07A-2F028E72DFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180206:*:*:pro:*:*:*",
              "matchCriteriaId": "B3D2C4BF-B825-4890-B2DB-D20FD6756B35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180301:*:*:pro:*:*:*",
              "matchCriteriaId": "76DB58D7-1B47-4817-9D06-E5656B1331F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180312:*:*:pro:*:*:*",
              "matchCriteriaId": "8FF30D6E-0765-4271-A040-235E3B33503E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180327:*:*:pro:*:*:*",
              "matchCriteriaId": "85DD6D65-CE57-4A3A-9193-CD82CCD4BDBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180410:*:*:pro:*:*:*",
              "matchCriteriaId": "9F1B811A-7790-4407-B910-0C70927F7D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180501:*:*:pro:*:*:*",
              "matchCriteriaId": "EE7DFBE8-5ABE-4C67-A85D-8D37E206E51C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180511:*:*:pro:*:*:*",
              "matchCriteriaId": "E3D1BBDD-D3FD-4F3D-9279-46EDF96FE317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180526:*:*:pro:*:*:*",
              "matchCriteriaId": "488C3810-3393-4817-87DB-0E2CD2CA3969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180618:*:*:pro:*:*:*",
              "matchCriteriaId": "9E00DD73-1F9B-4944-907E-F1773316B63B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180704:*:*:pro:*:*:*",
              "matchCriteriaId": "57966911-0CFC-4355-9B08-2F2688302F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180716:*:*:pro:*:*:*",
              "matchCriteriaId": "8439D629-F7F0-4ADA-9BC6-2E3E34220CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180727:*:*:pro:*:*:*",
              "matchCriteriaId": "A26FBA32-4114-42EB-9427-254AB3B9F06B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180813:*:*:pro:*:*:*",
              "matchCriteriaId": "4A6AE478-FC91-4A4A-9CB0-7BD29ED42E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180827:*:*:pro:*:*:*",
              "matchCriteriaId": "A21F2F21-3970-4F75-B72B-D939F35448BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180907:*:*:pro:*:*:*",
              "matchCriteriaId": "A0FD1D96-50EA-47E8-997B-CE6B1E58BADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20180924:*:*:pro:*:*:*",
              "matchCriteriaId": "31FC17EF-B89B-48A2-9196-5E2DA5A2D118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181009:*:*:pro:*:*:*",
              "matchCriteriaId": "1BB88831-3170-453D-B416-E1F962F8AD6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181022:*:*:pro:*:*:*",
              "matchCriteriaId": "1BBF5DA5-B318-436B-8071-A617B99E0637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181105:*:*:pro:*:*:*",
              "matchCriteriaId": "BBD348EF-91F5-4C02-BD98-ABA902131183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181130:*:*:pro:*:*:*",
              "matchCriteriaId": "8FE78790-13DE-43F6-80C2-3F85FF6E16E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20181215:*:*:pro:*:*:*",
              "matchCriteriaId": "BFA0AEAD-9A25-4659-802F-BB56C68847BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190108:*:*:pro:*:*:*",
              "matchCriteriaId": "1009C89A-D461-4BFF-A91B-24B7D0E17297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190118:*:*:pro:*:*:*",
              "matchCriteriaId": "CA03DBAA-EE97-4D73-9454-13FA73F021E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190201:*:*:pro:*:*:*",
              "matchCriteriaId": "24DF8346-A21D-44C7-A491-A58099B4D88B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190219:*:*:pro:*:*:*",
              "matchCriteriaId": "8B38D653-F840-49FA-B4FA-7C23A101E77B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190303:*:*:pro:*:*:*",
              "matchCriteriaId": "67D0992D-FF74-4F93-A00B-BB4EC0F8A51E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190319:*:*:pro:*:*:*",
              "matchCriteriaId": "3909F140-EB22-4D05-8576-4C7445A183DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190331:*:*:pro:*:*:*",
              "matchCriteriaId": "2610F4B9-0739-4AE8-B4C2-E8578F0466E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190416:*:*:pro:*:*:*",
              "matchCriteriaId": "2EA3D971-ECBC-4810-AE61-3167BD3D7F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190426:*:*:pro:*:*:*",
              "matchCriteriaId": "E2FBED6C-4BDA-4AE2-999F-5D3063B90D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190513:*:*:pro:*:*:*",
              "matchCriteriaId": "51571BCC-8621-4D0F-AE45-DAFF5AD9099A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190603:*:*:pro:*:*:*",
              "matchCriteriaId": "35266B59-E489-4BF8-ABA5-1B07B3A3B9D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190607:*:*:pro:*:*:*",
              "matchCriteriaId": "737684B7-E4EC-46E6-981E-97CDFDEE6AB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190626:*:*:pro:*:*:*",
              "matchCriteriaId": "C46B768B-11A8-473E-8532-AF7230F5390C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190722:*:*:pro:*:*:*",
              "matchCriteriaId": "8DA7A63D-9416-4572-81A1-52D8247EAF15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190805:*:*:pro:*:*:*",
              "matchCriteriaId": "26989ACB-F823-47AF-825C-ACEFC77A5ABF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190819:*:*:pro:*:*:*",
              "matchCriteriaId": "E99A1FF5-59C8-4471-A5F4-F6B39CCD5EB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190910:*:*:pro:*:*:*",
              "matchCriteriaId": "89361CC7-C9C3-4DD6-A812-ACEA2FD9D3CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20190930:*:*:pro:*:*:*",
              "matchCriteriaId": "F87117F9-9B8D-4267-9CA1-98FEFA00DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191014:*:*:pro:*:*:*",
              "matchCriteriaId": "4510FB72-A61D-4998-9C7B-B368ACADC2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191030:*:*:pro:*:*:*",
              "matchCriteriaId": "751D173E-BD8C-40DC-A033-52894F665A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191108:*:*:pro:*:*:*",
              "matchCriteriaId": "F28F93F4-EF56-4C56-A34F-3582992039F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20191209:*:*:pro:*:*:*",
              "matchCriteriaId": "536EAD48-FCF6-46A0-B8C6-58CB07E6F689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200113:*:*:pro:*:*:*",
              "matchCriteriaId": "6972D3C6-BBA2-4420-BF7C-F5B0B155E70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200122:*:*:pro:*:*:*",
              "matchCriteriaId": "7031F096-9223-481D-A024-6EFB55C6333D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200131:*:*:pro:*:*:*",
              "matchCriteriaId": "7BF37270-5ABF-4BF0-AC39-78E36E7DFBC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200218:*:*:pro:*:*:*",
              "matchCriteriaId": "B4FC8A3F-0F5D-4E34-8E69-7CA66F3ECC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200302:*:*:pro:*:*:*",
              "matchCriteriaId": "E69CD84D-9AD9-42EE-8117-CEE86D04B6C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200318:*:*:pro:*:*:*",
              "matchCriteriaId": "E6DBB703-B54E-4E16-964A-77356540891C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200330:*:*:pro:*:*:*",
              "matchCriteriaId": "BD215E6E-94E9-45CC-9E03-7458FDABFA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.17.1:20200413:*:*:pro:*:*:*",
              "matchCriteriaId": "2333BC4C-CB58-4BA1-ACD2-CDC308DB7B1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site Scripting (XSS) vulnerability in the \u0027host\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated \u0027notes\u0027 field of a discovered scan asset."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo Cross-site Scripting (XSS) en el campo \"host\" de un activo de escaneo detectado en Rapid7 Metasploit Pro, permite a un atacante con un servicio de red especialmente dise\u00f1ado de un objetivo de escaneo almacenar una secuencia de tipo XSS en la consola Metasploit Pro, que se activar\u00e1 cuando el operador visualiza el registro de ese host escaneado en la interfaz Metasploit Pro. Este problema afecta a Rapid7 Metasploit Pro versi\u00f3n 4.17.1-20200427 y versiones anteriores, y es corregido en Metasploit Pro versi\u00f3n 4.17.1-20200514. Consulte tambi\u00e9n CVE-2020-7355, que describe un problema similar, pero involucrando el campo \"notes\" generado de un activo de escaneo detectado"
    }
  ],
  "id": "CVE-2020-7354",
  "lastModified": "2024-11-21T05:37:06.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.2,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-25T18:15:12.317",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-24 19:15
Modified
2024-11-21 05:37
Summary
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" is affected by a relative path traversal vulnerability in the untar method, which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run against a malicious HTTP server.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C57088-B29C-4383-BC60-42ECE0C9326C",
              "versionEndExcluding": "6.0.3",
              "versionStartIncluding": "4.12.40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" is affected by a relative path traversal vulnerability in the untar method, which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run against a malicious HTTP server."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo \"auxiliary/admin/http/telpho10_credential_dump\" de Metasploit Framework est\u00e1 afectado por una vulnerabilidad de salto de ruta relativa en el m\u00e9todo untar que puede ser explotada para escribir archivos arbitrarios en ubicaciones arbitrarias en el sistema de archivos host cuando el m\u00f3dulo se ejecuta contra un servidor HTTP malicioso."
    }
  ],
  "id": "CVE-2020-7377",
  "lastModified": "2024-11-21T05:37:08.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-24T19:15:10.837",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/issues/14015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/issues/14015"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-23"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-10-06 21:29
Modified
2025-04-20 01:37
Summary
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E58A0315-5147-460D-8FE9-CB0834F3FF04",
              "versionEndIncluding": "4.14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
    },
    {
      "lang": "es",
      "value": "La interfaz web de usuario en Rapid7 Metasploit en versiones anteriores a la 4.14.1-20170828 permite el CSRF al cerrar sesi\u00f3n. Esto tambi\u00e9n se conoce como R7-2017-22."
    }
  ],
  "id": "CVE-2017-15084",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-06T21:29:00.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-02-01 23:15
Modified
2024-11-21 07:37
Summary
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross-site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "F764FB35-3CC4-4303-96B6-C85B96B3E476",
              "versionEndIncluding": "4.21.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross-site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator."
    }
  ],
  "id": "CVE-2023-0599",
  "lastModified": "2024-11-21T07:37:27.917",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.2,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-02-01T23:15:09.407",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-06 19:15
Modified
2024-11-21 04:45
Summary
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Impacted products
Vendor Product Version
rapid7 metasploit *
rapid7 metasploit 4.16.0
rapid7 metasploit 4.16.0
rapid7 metasploit 4.16.0
rapid7 metasploit 4.16.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:pro:*:*:*",
              "matchCriteriaId": "D0955FF0-9FB8-48BE-AF5F-8DE42FD0C143",
              "versionEndExcluding": "4.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:-:*:*:pro:*:*:*",
              "matchCriteriaId": "35954372-1852-47D3-B920-E9E4AABD6B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:20190722:*:*:pro:*:*:*",
              "matchCriteriaId": "40954A9F-1E07-45A5-AA7C-0AC8C4B478BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:20190805:*:*:pro:*:*:*",
              "matchCriteriaId": "FBD2D8F1-294E-4E6A-B78F-EB3181F2B224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:4.16.0:2019081901:*:*:pro:*:*:*",
              "matchCriteriaId": "E78CB217-64EC-4276-A4CB-7D0DAF1E378D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."
    },
    {
      "lang": "es",
      "value": "Rapid7 Metasploit Pro versi\u00f3n 4.16.0-2019081901 y anterior, sufre de una instancia de CWE-732, en la que el \u00fanico server.key es escrito en el sistema de archivos durante la instalaci\u00f3n con permisos de tipo world-readable. Esto puede permitir a otros usuarios del mismo sistema donde est\u00e1 instalado Metasploit Pro, por otra parte interceptar comunicaciones privadas a la interfaz web de Metasploit Pro."
    }
  ],
  "id": "CVE-2019-5642",
  "lastModified": "2024-11-21T04:45:17.527",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-06T19:15:12.360",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-23 16:15
Modified
2024-11-21 05:37
Summary
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF91D8C-A041-42A6-9732-7A03C7DD14B8",
              "versionEndExcluding": "4.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a \"hack-back\" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically."
    },
    {
      "lang": "es",
      "value": "Al lanzar el exploit drb_remote_codeexec, un usuario de Metasploit Framework expondr\u00e1 inadvertidamente a Metasploit al mismo problema de deserializaci\u00f3n que explota ese m\u00f3dulo, debido a la dependencia de las funciones vulnerables de la clase Distributed Ruby. Dado que Metasploit Framework generalmente se ejecuta con privilegios elevados, esto puede conllevar a un compromiso del sistema en la estaci\u00f3n de trabajo Metasploit. Tenga en cuenta que un atacante tendr\u00eda que esperar y convencer al usuario de Metasploit para que ejecute el m\u00f3dulo afectado contra un endpoint malicioso en un tipo de ataque de \"hack-back\". Metasploit solo es vulnerable cuando se est\u00e1 ejecutando el m\u00f3dulo drb_remote_codeexec. En la mayor\u00eda de los casos, esto no puede suceder autom\u00e1ticamente."
    }
  ],
  "id": "CVE-2020-7385",
  "lastModified": "2024-11-21T05:37:08.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-23T16:15:08.440",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/14300"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/14335"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/14300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/14335"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-29 15:15
Modified
2024-11-21 05:37
Summary
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF91D8C-A041-42A6-9732-7A03C7DD14B8",
              "versionEndExcluding": "4.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rapid7\u0027s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim\u0027s machine."
    },
    {
      "lang": "es",
      "value": "La trama msfvenom en Metasploit de Rapid7 maneja archivos APK de una manera que permite a un usuario malicioso crear y publicar un archivo que ejecutar\u00eda comandos arbitrarios en la m\u00e1quina de la v\u00edctima"
    }
  ],
  "id": "CVE-2020-7384",
  "lastModified": "2024-11-21T05:37:08.600",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-29T15:15:12.500",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/14288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/14288"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-22 22:15
Modified
2024-11-21 05:37
Summary
Rapid7 Metasploit Framework versions before 5.0.85 suffer from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note that only the Metasploit Framework and products that expose the plugin system are susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note that this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE42CAE4-4C47-40EC-AC83-D6EE17824B2B",
              "versionEndExcluding": "5.0.85",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer\u0027s hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator\u0027s terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command."
    },
    {
      "lang": "es",
      "value": "Las versiones de Rapid7 Metasploit Framework anteriores a la versi\u00f3n  5.0.85 sufren de una instancia de CWE-78: Inyecci\u00f3n de comandos del sistema operativo, en la que el complemento libnotify acepta datos no seguros  proporcionados por el usuario a trav\u00e9s del nombre de host o nombre de servicio de un ordenador remoto. Un atacante puede crear un nombre de host o nombre de servicio especialmente dise\u00f1ado para ser importado por Metasploit desde una variedad de fuentes y desencadenar una inyecci\u00f3n de comando en la terminal del operador. Tenga en cuenta que solo Metasploit Framework y los productos que exponen el sistema de complementos son susceptibles a este problema; en particular, esto no incluye Rapid7 Metasploit Pro. Tambi\u00e9n tenga en cuenta que esta vulnerabilidad no puede activarse mediante una operaci\u00f3n de exploraci\u00f3n normal: el atacante tendr\u00eda que proporcionar un archivo que se procese con el comando db_import."
    }
  ],
  "id": "CVE-2020-7350",
  "lastModified": "2024-11-21T05:37:05.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.2,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-22T22:15:12.450",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/issues/13026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/issues/13026"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-03-02 20:59
Modified
2025-04-20 01:37
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B5DBE6-9BC1-47DD-9F27-AAED6E2E9501",
              "versionEndIncluding": "4.13.19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
    },
    {
      "lang": "es",
      "value": "Todas las ediciones de Rapid7 Metasploit anteriores a la versi\u00f3n 4.13.0-2017020701 contienen una vulnerabilidad de salto de directorio en la funci\u00f3n Meterpreter stdapi CommandDispatcher.cmd_download(). Utilizando una construcci\u00f3n de Meterpreter especialmente manipulada, es posible escribir a un directorio arbitrario en la consola Metasploit con los permisos de la instancia Metasploit en ejecuci\u00f3n."
    }
  ],
  "id": "CVE-2017-5231",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-02T20:59:00.610",
  "references": [
    {
      "source": "cve@rapid7.com",
      "url": "http://www.securityfocus.com/bid/96954"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/96954"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-03-02 20:59
Modified
2025-04-20 01:37
Summary
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B8AF9C-AA58-448A-8264-DCC4049B8E13",
              "versionEndIncluding": "4.13.0-2017012501",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
    },
    {
      "lang": "es",
      "value": "Instaladores de Rapid7 Metasploit Pro anteriores a la versi\u00f3n 4.13.0-2017022101 contienen una vulnerabilidad de precarga de DLL, donde es posible que el instalador cargue una DLL maliciosa ubicada en el directorio de trabajo actual del instalador."
    }
  ],
  "id": "CVE-2017-5235",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-02T20:59:00.783",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96548"
    },
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-24 19:15
Modified
2024-11-21 05:37
Summary
The Metasploit Framework module "post/osx/gather/enum_osx" is affected by a relative path traversal vulnerability in the get_keychains method, which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run against a malicious host.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE440BD0-9B8F-49A8-BF37-85B8DC3CEDCB",
              "versionEndExcluding": "6.0.3",
              "versionStartIncluding": "4.11.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo de Metasploit Framework \"post/osx/gather/enum_osx module\" est\u00e1 afectado por una vulnerabilidad de salto de ruta relativa en el m\u00e9todo get_keychains que puede ser explotado para escribir archivos arbitrarios en ubicaciones arbitrarias en el sistema de archivos del host cuando el m\u00f3dulo se ejecuta en un host malicioso."
    }
  ],
  "id": "CVE-2020-7376",
  "lastModified": "2024-11-21T05:37:07.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-24T19:15:10.713",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/issues/14008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/issues/14008"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-23"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-01 15:15
Modified
2024-11-21 04:45
Summary
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.
Impacted products
Vendor Product Version
rapid7 metasploit *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rapid7:metasploit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D5D3F5-4DBD-423D-8EB6-7D0EAB0EDAEF",
              "versionEndIncluding": "5.0.27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
    },
    {
      "lang": "es",
      "value": "Mediante el env\u00edo de una petici\u00f3n GET HTTP especialmente dise\u00f1ada hacia un manejador HTTP de Rapid7 Metasploit que est\u00e9 escuchando, un atacante puede registrar una expresi\u00f3n regular arbitraria. Cuando se eval\u00faa, este manejador malicioso puede impedir que sean establecidas nuevas sesiones del manejador HTTP o causar un agotamiento de recursos en el servidor de Metasploit"
    }
  ],
  "id": "CVE-2019-5645",
  "lastModified": "2024-11-21T04:45:17.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cve@rapid7.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-01T15:15:11.983",
  "references": [
    {
      "source": "cve@rapid7.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/12433"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/12433"
    }
  ],
  "sourceIdentifier": "cve@rapid7.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "cve@rapid7.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2020-7384 (GCVE-0-2020-7384)
Vulnerability from cvelistv5
Published
2020-10-29 14:05
Modified
2024-08-04 09:25
CWE
  • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Impacted products
Vendor Product Version
Rapid7 Metasploit Version: unspecified   < 4.19.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:48.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/14288"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThan": "4.19.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered, reported and fixed by Justin Steven"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rapid7\u0027s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim\u0027s machine."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T14:06:09",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/14288"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Client-Side Command Injection in Rapid7 Metasploit ",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2020-7384",
          "STATE": "PUBLIC",
          "TITLE": "Client-Side Command Injection in Rapid7 Metasploit "
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "4.19.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered, reported and fixed by Justin Steven"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rapid7\u0027s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim\u0027s machine."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/14288",
              "refsource": "MISC",
              "url": "https://github.com/rapid7/metasploit-framework/pull/14288"
            },
            {
              "name": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2020-7384",
    "datePublished": "2020-10-29T14:05:16",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:25:48.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5231 (GCVE-0-2017-5231)
Vulnerability from cvelistv5
Published
2017-03-02 20:00
Modified
2024-08-05 14:55
Severity ?
CWE
  • Directory Traversal
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Impacted products
Vendor Product Version
Rapid7 Metasploit Version: All versions prior to version 4.13.0-2017020701


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96954",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 4.13.0-2017020701"
            }
          ]
        }
      ],
      "datePublic": "2017-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-20T09:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "name": "96954",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5231",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 4.13.0-2017020701"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96954",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96954"
            },
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
              "refsource": "CONFIRM",
              "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5231",
    "datePublished": "2017-03-02T20:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-15084 (GCVE-0-2017-15084)
Vulnerability from cvelistv5
Published
2017-10-06 21:00
Modified
2024-09-16 19:10
Severity ?
CWE
  • n/a
Summary
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Impacted products
Vendor Product Version
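n/a n/a Version: n/a (the record's structured vendor, product and version fields are empty; the affected product and version appear only in the summary: Rapid7 Metasploit before 4.14.1-20170828)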


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:42:22.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-06T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/",
              "refsource": "CONFIRM",
              "url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15084",
    "datePublished": "2017-10-06T21:00:00Z",
    "dateReserved": "2017-10-06T00:00:00Z",
    "dateUpdated": "2024-09-16T19:10:27.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7385 (GCVE-0-2020-7385)
Vulnerability from cvelistv5
Published
2021-04-23 15:35
Modified
2024-09-17 01:30
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
Impacted products
Vendor Product Version
Rapid7 Metasploit Framework Version: <= 6.0.15


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:48.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/14300"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/14335"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Framework",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "6.0.15",
              "status": "affected",
              "version": "6.0.15",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7\u0027s coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt"
        }
      ],
      "datePublic": "2020-10-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a \"hack-back\" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-23T15:35:19",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/14300"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/14335"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Do not run the drb_remote_codeexec module. After commit 659137da94fa2fe56ce5c44d611db3692bf7d2e5, the Metasploit Framework no longer ships with the affected module."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Metasploit Framework \u0027drb_remote_codeexec\u0027 code execution",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2020-10-22T17:09:00.000Z",
          "ID": "CVE-2020-7385",
          "STATE": "PUBLIC",
          "TITLE": "Metasploit Framework \u0027drb_remote_codeexec\u0027 code execution"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6.0.15",
                            "version_value": "6.0.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7\u0027s coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a \"hack-back\" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-502 Deserialization of Untrusted Data"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/14300",
              "refsource": "MISC",
              "url": "https://github.com/rapid7/metasploit-framework/pull/14300"
            },
            {
              "name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/",
              "refsource": "MISC",
              "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
            },
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/14335",
              "refsource": "CONFIRM",
              "url": "https://github.com/rapid7/metasploit-framework/pull/14335"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Do not run the drb_remote_codeexec module. After commit 659137da94fa2fe56ce5c44d611db3692bf7d2e5, the Metasploit Framework no longer ships with the affected module."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2020-7385",
    "datePublished": "2021-04-23T15:35:19.277046Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-17T01:30:50.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5229 (GCVE-0-2017-5229)
Vulnerability from cvelistv5
Published
2017-03-02 20:00
Modified
2024-08-05 14:55
Severity ?
CWE
  • Directory Traversal
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Impacted products
Vendor Product Version
Rapid7 Metasploit Version: All versions prior to version 4.13.0-2017020701


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96954",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 4.13.0-2017020701"
            }
          ]
        }
      ],
      "datePublic": "2017-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-20T09:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "name": "96954",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5229",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 4.13.0-2017020701"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96954",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96954"
            },
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
              "refsource": "CONFIRM",
              "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5229",
    "datePublished": "2017-03-02T20:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5228 (GCVE-0-2017-5228)
Vulnerability from cvelistv5
Published
2017-03-02 20:00
Modified
2024-08-05 14:55
Severity ?
CWE
  • Directory Traversal
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Impacted products
Vendor Product Version
Rapid7 Metasploit Version: All versions prior to version 4.13.0-2017020701


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "96954",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96954"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 4.13.0-2017020701"
            }
          ]
        }
      ],
      "datePublic": "2017-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Directory Traversal",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-20T09:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "name": "96954",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96954"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5228",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 4.13.0-2017020701"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Directory Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "96954",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96954"
            },
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
              "refsource": "CONFIRM",
              "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5228",
    "datePublished": "2017-03-02T20:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5645 (GCVE-0-2019-5645)
Vulnerability from cvelistv5
Published
2020-09-01 14:35
Modified
2024-09-17 03:29
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Summary
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.
References
Impacted products
Vendor Product Version
Rapid7 Metasploit Framework Version: <= 5.0.27


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:52.007Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/12433"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Framework",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "5.0.27",
              "status": "affected",
              "version": "5.0.27",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was reported by Jose Garduno of Dreamlab Technologies, AG"
        }
      ],
      "datePublic": "2019-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-01T14:35:12",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/12433"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rapid7 Metasploit HTTP Handler Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2019-10-09T14:54:00.000Z",
          "ID": "CVE-2019-5645",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 Metasploit HTTP Handler Denial of Service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.0.27",
                            "version_value": "5.0.27"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was reported by Jose Garduno of Dreamlab Technologies, AG"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400 Uncontrolled Resource Consumption"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/12433",
              "refsource": "MISC",
              "url": "https://github.com/rapid7/metasploit-framework/pull/12433"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5645",
    "datePublished": "2020-09-01T14:35:12.880695Z",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-09-17T03:29:11.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5624 (GCVE-0-2019-5624)
Vulnerability from cvelistv5
Published
2019-04-30 16:53
Modified
2024-09-17 04:29
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
Impacted products
Vendor Product Version
Rapid7 Metasploit Framework Version: <= 4.14.0


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/11716"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Framework",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "4.14.0",
              "status": "affected",
              "version": "4.14.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."
        }
      ],
      "datePublic": "2019-04-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-30T16:53:31",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/pull/11716"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to version 4.15.0 or later."
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "Rapid7 Metasploit Framework Zip Import Directory Traversal",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "",
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2019-04-24T18:00:00.000Z",
          "ID": "CVE-2019-5624",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 Metasploit Framework Zip Import Directory Traversal"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Framework",
                      "version": {
                        "version_data": [
                          {
                            "platform": "",
                            "version_affected": "\u003c=",
                            "version_name": "4.14.0",
                            "version_value": "4.14.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "configuration": [],
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."
            }
          ]
        },
        "exploit": [],
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/pull/11716",
              "refsource": "CONFIRM",
              "url": "https://github.com/rapid7/metasploit-framework/pull/11716"
            },
            {
              "name": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416",
              "refsource": "CONFIRM",
              "url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
            },
            {
              "name": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html",
              "refsource": "MISC",
              "url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to version 4.15.0 or later."
          }
        ],
        "source": {
          "discovery": "USER"
        },
        "work_around": []
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5624",
    "datePublished": "2019-04-30T16:53:31.816001Z",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-09-17T04:29:13.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7377 (GCVE-0-2020-7377)
Vulnerability from cvelistv5
Published
2020-08-24 19:10
Modified
2024-09-17 03:43
CWE
  • CWE-23 - Relative Path Traversal
Summary
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" is affected by a relative path traversal vulnerability in the untar method, which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run against a malicious HTTP server.
References
Impacted products
Vendor Product Version
Rapid7 Metasploit Framework Version: >= 4.12.40
Version: < 6.0.3


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:49.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/issues/14015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Framework",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThan": "4.12.40*",
              "status": "affected",
              "version": "4.12.40",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was reported, and fixed, by bcoles."
        }
      ],
      "datePublic": "2020-08-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-24T19:10:17",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/issues/14015"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2020-08-18T08:48:00.000Z",
          "ID": "CVE-2020-7377",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "4.12.40",
                            "version_value": "4.12.40"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.0.3",
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was reported, and fixed, by bcoles."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-23 Relative Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/issues/14015",
              "refsource": "CONFIRM",
              "url": "https://github.com/rapid7/metasploit-framework/issues/14015"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2020-7377",
    "datePublished": "2020-08-24T19:10:18.025073Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-17T03:43:45.123Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-0599 (GCVE-0-2023-0599)
Vulnerability from cvelistv5
Published
2023-02-01 22:13
Modified
2025-03-25 19:28
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.  Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.
Impacted products
Vendor Product Version
Rapid7 Metasploit Pro Version: 0 through 4.21.2 (inclusive)


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:17:50.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "release-notes",
              "x_transferred"
            ],
            "url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0599",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-25T19:28:31.862664Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T19:28:44.145Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Metasploit Pro",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "4.21.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Michael Caruso"
        }
      ],
      "datePublic": "2023-01-30T20:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.\u0026nbsp; Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator."
            }
          ],
          "value": "Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.\u00a0 Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-01T22:13:54.609Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rapid7 Metasploit Pro Stored XSS",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2023-0599",
    "datePublished": "2023-02-01T22:13:54.609Z",
    "dateReserved": "2023-01-31T17:28:37.548Z",
    "dateUpdated": "2025-03-25T19:28:44.145Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7354 (GCVE-0-2020-7354)
Vulnerability from cvelistv5
Published
2020-06-25 17:15
Modified
2024-09-17 00:25
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset.
Impacted products
Vendor Product Version
Rapid7 Metasploit Pro Version: ≤ 4.17.1-20200427


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:49.073Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Pro",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "4.17.1-20200427",
              "status": "affected",
              "version": "4.17.1-20200427",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
        }
      ],
      "datePublic": "2020-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) vulnerability in the \u0027host\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated \u0027notes\u0027 field of a discovered scan asset."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-25T17:15:15",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rapid7 Metasploit Pro Stored XSS in \u0027host\u0027 field",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2020-05-21T13:13:00.000Z",
          "ID": "CVE-2020-7354",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 Metasploit Pro Stored XSS in \u0027host\u0027 field"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4.17.1-20200427",
                            "version_value": "4.17.1-20200427"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) vulnerability in the \u0027host\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated \u0027notes\u0027 field of a discovered scan asset."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514",
              "refsource": "CONFIRM",
              "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
            },
            {
              "name": "https://avalz.it/research/metasploit-pro-xss-to-rce/",
              "refsource": "MISC",
              "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2020-7354",
    "datePublished": "2020-06-25T17:15:15.535412Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-17T00:25:26.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5642 (GCVE-0-2019-5642)
Vulnerability from cvelistv5
Published
2019-11-06 18:30
Modified
2024-09-17 04:24
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Impacted products
Vendor Product Version
Rapid7 Metasploit Pro Version: unspecified ≤ 4.16.0-2019081901


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Pro",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "4.16.0-2019081901",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
        }
      ],
      "datePublic": "2019-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-06T18:30:42",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"
        }
      ],
      "source": {
        "advisory": "R7-2019-35",
        "defect": [
          "MS-4514"
        ],
        "discovery": "USER"
      },
      "title": "MAGICK",
      "x_generator": {
        "engine": "Vulnogram 0.0.8"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2019-09-12T20:00:00.000Z",
          "ID": "CVE-2019-5642",
          "STATE": "PUBLIC",
          "TITLE": "MAGICK"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "4.16.0-2019081901"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.8"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001",
              "refsource": "CONFIRM",
              "url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"
          }
        ],
        "source": {
          "advisory": "R7-2019-35",
          "defect": [
            "MS-4514"
          ],
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2019-5642",
    "datePublished": "2019-11-06T18:30:42.787547Z",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-09-17T04:24:03.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7355 (GCVE-0-2020-7355)
Vulnerability from cvelistv5
Published
2020-06-25 17:15
Modified
2024-09-17 02:31
CWE
  • CWE-79 - Cross-site Scripting (XSS)
Summary
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset.
Impacted products
Vendor Product Version
Rapid7 Metasploit Pro Version: ≤ 4.17.1-20200427


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:49.093Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Pro",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThanOrEqual": "4.17.1-20200427",
              "status": "affected",
              "version": "4.17.1-20200427",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
        }
      ],
      "datePublic": "2020-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site Scripting (XSS) vulnerability in the \u0027notes\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated \u0027host\u0027 field of a discovered scan asset."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-25T17:15:15",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rapid7 Metasploit Pro Stored XSS in \u0027notes\u0027 field",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2020-05-21T13:13:00.000Z",
          "ID": "CVE-2020-7355",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 Metasploit Pro Stored XSS in \u0027notes\u0027 field"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "4.17.1-20200427",
                            "version_value": "4.17.1-20200427"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site Scripting (XSS) vulnerability in the \u0027notes\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated \u0027host\u0027 field of a discovered scan asset."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514",
              "refsource": "CONFIRM",
              "url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
            },
            {
              "name": "https://avalz.it/research/metasploit-pro-xss-to-rce/",
              "refsource": "MISC",
              "url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2020-7355",
    "datePublished": "2020-06-25T17:15:15.975135Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-17T02:31:45.777Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7376 (GCVE-0-2020-7376)
Vulnerability from cvelistv5
Published
2020-08-24 19:10
Modified
2024-09-16 23:35
CWE
  • CWE-23 - Relative Path Traversal
Summary
The Metasploit Framework module "post/osx/gather/enum_osx" is affected by a relative path traversal vulnerability in the get_keychains method, which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.
References
Impacted products
Vendor Product Version
Rapid7 Metasploit Framework Version: 4.11.7   < 4.11.7*
Version: 6.0.3   < 6.0.3


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:49.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/issues/14008"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Framework",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThan": "4.11.7*",
              "status": "affected",
              "version": "4.11.7",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.3",
              "status": "affected",
              "version": "6.0.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was reported, and fixed, by bcoles."
        }
      ],
      "datePublic": "2020-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23 Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-24T19:10:17",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/issues/14008"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2020-08-17T10:00:00.000Z",
          "ID": "CVE-2020-7376",
          "STATE": "PUBLIC",
          "TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "4.11.7",
                            "version_value": "4.11.7"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "6.0.3",
                            "version_value": "6.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was reported, and fixed, by bcoles."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-23 Relative Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/issues/14008",
              "refsource": "CONFIRM",
              "url": "https://github.com/rapid7/metasploit-framework/issues/14008"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2020-7376",
    "datePublished": "2020-08-24T19:10:17.594819Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-16T23:35:28.125Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5235 (GCVE-0-2017-5235)
Vulnerability from cvelistv5
Published
2017-03-02 20:00
Modified
2024-08-05 14:55
Severity ?
CWE
  • DLL Preloading
Summary
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Impacted products
Vendor Product Version
Rapid7 Metasploit Pro Version: All versions prior to version 4.13.0-2017022101


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
          },
          {
            "name": "96548",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96548"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Pro",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to version 4.13.0-2017022101"
            }
          ]
        }
      ],
      "datePublic": "2017-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "DLL Preloading",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-03-06T10:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
        },
        {
          "name": "96548",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96548"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Pro",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to version 4.13.0-2017022101"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "DLL Preloading"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
              "refsource": "CONFIRM",
              "url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
            },
            {
              "name": "96548",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96548"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5235",
    "datePublished": "2017-03-02T20:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-5244 (GCVE-0-2017-5244)
Vulnerability from cvelistv5
Published
2017-06-15 14:00
Modified
2024-08-05 14:55
Severity ?
CWE
  • CWE-352 - (Cross-Site Request Forgery)
Summary
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.
Impacted products


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:35.787Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "99082",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99082"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit (Pro, Express, and Community editions)",
          "vendor": "Rapid7",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.14.0 (Update 2017061301)"
            }
          ]
        }
      ],
      "datePublic": "2017-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352 (Cross-Site Request Forgery)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-06-16T09:57:01",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "name": "99082",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99082"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "ID": "CVE-2017-5244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit (Pro, Express, and Community editions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.14.0 (Update 2017061301)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352 (Cross-Site Request Forgery)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "99082",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99082"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed",
              "refsource": "CONFIRM",
              "url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
            },
            {
              "name": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/",
              "refsource": "MISC",
              "url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2017-5244",
    "datePublished": "2017-06-15T14:00:00",
    "dateReserved": "2017-01-09T00:00:00",
    "dateUpdated": "2024-08-05T14:55:35.787Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7350 (GCVE-0-2020-7350)
Vulnerability from cvelistv5
Published
2020-04-22 21:25
Modified
2024-09-17 00:51
CWE
  • CWE-78 - OS Command Injection
Summary
Rapid7 Metasploit Framework versions before 5.0.85 suffer from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note that only the Metasploit Framework and products that expose the plugin system are susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note that this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.
References
Impacted products
Vendor Product Version
Rapid7 Metasploit Framework Version: 5.0.85   < 5.0.85


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:25:49.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/issues/13026"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Metasploit Framework",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThan": "5.0.85",
              "status": "affected",
              "version": "5.0.85",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered and reported to Rapid7 by javier aguinaga."
        }
      ],
      "datePublic": "2020-04-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer\u0027s hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator\u0027s terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "An exploit is available at the CONFIRM link, along with the fix."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-23T20:11:53",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rapid7/metasploit-framework/issues/13026"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "This issue is resolved in Metasploit Pro version 5.0.85"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Metasploit Framework Plugin Libnotify Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@rapid7.com",
          "DATE_PUBLIC": "2020-04-16T15:55:00.000Z",
          "ID": "CVE-2020-7350",
          "STATE": "PUBLIC",
          "TITLE": "Metasploit Framework Plugin Libnotify Command Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Metasploit Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "5.0.85",
                            "version_value": "5.0.85"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rapid7"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was discovered and reported to Rapid7 by javier aguinaga."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer\u0027s hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator\u0027s terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "An exploit is available at the CONFIRM link, along with the fix."
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rapid7/metasploit-framework/issues/13026",
              "refsource": "CONFIRM",
              "url": "https://github.com/rapid7/metasploit-framework/issues/13026"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue is resolved in Metasploit Pro version 5.0.85"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2020-7350",
    "datePublished": "2020-04-22T21:25:13.300204Z",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-09-17T00:51:34.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}