Search criteria
34 vulnerabilities found for Metasploit by Rapid7
CVE-2023-0599 (GCVE-0-2023-0599)
Vulnerability from nvd – Published: 2023-02-01 22:13 – Updated: 2025-03-25 19:28
VLAI?
Title
Rapid7 Metasploit Pro Stored XSS
Summary
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
0 , ≤ 4.21.2
(semver)
|
Credits
Michael Caruso
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T19:28:31.862664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T19:28:44.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.21.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Caruso"
}
],
"datePublic": "2023-01-30T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.\u0026nbsp; Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator."
}
],
"value": "Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.\u00a0 Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T22:13:54.609Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit Pro Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-0599",
"datePublished": "2023-02-01T22:13:54.609Z",
"dateReserved": "2023-01-31T17:28:37.548Z",
"dateUpdated": "2025-03-25T19:28:44.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7385 (GCVE-0-2020-7385)
Vulnerability from nvd – Published: 2021-04-23 15:35 – Updated: 2024-09-17 01:30
VLAI?
Title
Metasploit Framework 'drb_remote_codeexec' code execution
Summary
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
Severity ?
8.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
6.0.15 , ≤ 6.0.15
(custom)
|
Credits
This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7's coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14300"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.0.15",
"status": "affected",
"version": "6.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7\u0027s coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt"
}
],
"datePublic": "2020-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a \"hack-back\" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T15:35:19",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14300"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14335"
}
],
"solutions": [
{
"lang": "en",
"value": "Do not run the drb_remote_codeexec module. After commit 659137da94fa2fe56ce5c44d611db3692bf7d2e5, the Metasploit Framework no longer ships with the affected module."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Metasploit Framework \u0027drb_remote_codeexec\u0027 code execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-10-22T17:09:00.000Z",
"ID": "CVE-2020-7385",
"STATE": "PUBLIC",
"TITLE": "Metasploit Framework \u0027drb_remote_codeexec\u0027 code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.0.15",
"version_value": "6.0.15"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7\u0027s coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a \"hack-back\" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/14300",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/14300"
},
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/",
"refsource": "MISC",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/14335",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/pull/14335"
}
]
},
"solution": [
{
"lang": "en",
"value": "Do not run the drb_remote_codeexec module. After commit 659137da94fa2fe56ce5c44d611db3692bf7d2e5, the Metasploit Framework no longer ships with the affected module."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7385",
"datePublished": "2021-04-23T15:35:19.277046Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T01:30:50.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7384 (GCVE-0-2020-7384)
Vulnerability from nvd – Published: 2020-10-29 14:05 – Updated: 2024-08-04 09:25
VLAI?
Title
Client-Side Command Injection in Rapid7 Metasploit
Summary
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit |
Affected:
unspecified , < 4.19.0
(custom)
|
Credits
This issue was discovered, reported and fixed by Justin Steven
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.19.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered, reported and fixed by Justin Steven"
}
],
"descriptions": [
{
"lang": "en",
"value": "Rapid7\u0027s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim\u0027s machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T14:06:09",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Client-Side Command Injection in Rapid7 Metasploit ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2020-7384",
"STATE": "PUBLIC",
"TITLE": "Client-Side Command Injection in Rapid7 Metasploit "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.19.0"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered, reported and fixed by Justin Steven"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7\u0027s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim\u0027s machine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/14288",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/14288"
},
{
"name": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7384",
"datePublished": "2020-10-29T14:05:16",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:48.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5645 (GCVE-0-2019-5645)
Vulnerability from nvd – Published: 2020-09-01 14:35 – Updated: 2024-09-17 03:29
VLAI?
Title
Rapid7 Metasploit HTTP Handler Denial of Service
Summary
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
5.0.27 , ≤ 5.0.27
(custom)
|
Credits
This issue was reported by Jose Garduno of Dreamlab Technologies, AG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/12433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "5.0.27",
"status": "affected",
"version": "5.0.27",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported by Jose Garduno of Dreamlab Technologies, AG"
}
],
"datePublic": "2019-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T14:35:12",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/12433"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit HTTP Handler Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-10-09T14:54:00.000Z",
"ID": "CVE-2019-5645",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit HTTP Handler Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.0.27",
"version_value": "5.0.27"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by Jose Garduno of Dreamlab Technologies, AG"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/12433",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/12433"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5645",
"datePublished": "2020-09-01T14:35:12.880695Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T03:29:11.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7377 (GCVE-0-2020-7377)
Vulnerability from nvd – Published: 2020-08-24 19:10 – Updated: 2024-09-17 03:43
VLAI?
Title
Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module
Summary
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.
Severity ?
8.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.12.40 , < 4.12.40*
(custom)
Affected: 6.0.3 , < 6.0.3 (custom) |
Credits
This issue was reported, and fixed, by bcoles.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.12.40*",
"status": "affected",
"version": "4.12.40",
"versionType": "custom"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"datePublic": "2020-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T19:10:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-08-18T08:48:00.000Z",
"ID": "CVE-2020-7377",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "4.12.40",
"version_value": "4.12.40"
},
{
"version_affected": "\u003c",
"version_name": "6.0.3",
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/14015",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7377",
"datePublished": "2020-08-24T19:10:18.025073Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T03:43:45.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7376 (GCVE-0-2020-7376)
Vulnerability from nvd – Published: 2020-08-24 19:10 – Updated: 2024-09-16 23:35
VLAI?
Title
Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module
Summary
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.
Severity ?
7.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.11.7 , < 4.11.7*
(custom)
Affected: 6.0.3 , < 6.0.3 (custom) |
Credits
This issue was reported, and fixed, by bcoles.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.11.7*",
"status": "affected",
"version": "4.11.7",
"versionType": "custom"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"datePublic": "2020-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T19:10:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-08-17T10:00:00.000Z",
"ID": "CVE-2020-7376",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "4.11.7",
"version_value": "4.11.7"
},
{
"version_affected": "\u003c",
"version_name": "6.0.3",
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/14008",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7376",
"datePublished": "2020-08-24T19:10:17.594819Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T23:35:28.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7355 (GCVE-0-2020-7355)
Vulnerability from nvd – Published: 2020-06-25 17:15 – Updated: 2024-09-17 02:31
VLAI?
Title
Rapid7 Metasploit Pro Stored XSS in 'notes' field
Summary
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
4.17.1-20200427 , ≤ 4.17.1-20200427
(custom)
|
Credits
Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.17.1-20200427",
"status": "affected",
"version": "4.17.1-20200427",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"datePublic": "2020-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027notes\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated \u0027host\u0027 field of a discovered scan asset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T17:15:15",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit Pro Stored XSS in \u0027notes\u0027 field",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-05-21T13:13:00.000Z",
"ID": "CVE-2020-7355",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Pro Stored XSS in \u0027notes\u0027 field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.17.1-20200427",
"version_value": "4.17.1-20200427"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027notes\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated \u0027host\u0027 field of a discovered scan asset."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"name": "https://avalz.it/research/metasploit-pro-xss-to-rce/",
"refsource": "MISC",
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7355",
"datePublished": "2020-06-25T17:15:15.975135Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T02:31:45.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7354 (GCVE-0-2020-7354)
Vulnerability from nvd – Published: 2020-06-25 17:15 – Updated: 2024-09-17 00:25
VLAI?
Title
Rapid7 Metasploit Pro Stored XSS in 'host' field
Summary
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
4.17.1-20200427 , ≤ 4.17.1-20200427
(custom)
|
Credits
Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.17.1-20200427",
"status": "affected",
"version": "4.17.1-20200427",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"datePublic": "2020-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027host\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated \u0027notes\u0027 field of a discovered scan asset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T17:15:15",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit Pro Stored XSS in \u0027host\u0027 field",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-05-21T13:13:00.000Z",
"ID": "CVE-2020-7354",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Pro Stored XSS in \u0027host\u0027 field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.17.1-20200427",
"version_value": "4.17.1-20200427"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027host\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated \u0027notes\u0027 field of a discovered scan asset."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"name": "https://avalz.it/research/metasploit-pro-xss-to-rce/",
"refsource": "MISC",
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7354",
"datePublished": "2020-06-25T17:15:15.535412Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T00:25:26.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7350 (GCVE-0-2020-7350)
Vulnerability from nvd – Published: 2020-04-22 21:25 – Updated: 2024-09-17 00:51
VLAI?
Title
Metasploit Framework Plugin Libnotify Command Injection
Summary
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.
Severity ?
6.1 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
5.0.85 , < 5.0.85
(custom)
|
Credits
This issue was discovered and reported to Rapid7 by javier aguinaga.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/13026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "5.0.85",
"status": "affected",
"version": "5.0.85",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported to Rapid7 by javier aguinaga."
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer\u0027s hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator\u0027s terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command."
}
],
"exploits": [
{
"lang": "en",
"value": "An exploit is available at the CONRIM link, along with the fix."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T20:11:53",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/13026"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 5.0.85"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Metasploit Framework Plugin Libnotify Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-04-16T15:55:00.000Z",
"ID": "CVE-2020-7350",
"STATE": "PUBLIC",
"TITLE": "Metasploit Framework Plugin Libnotify Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.0.85",
"version_value": "5.0.85"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported to Rapid7 by javier aguinaga."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer\u0027s hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator\u0027s terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command."
}
]
},
"exploit": [
{
"lang": "en",
"value": "An exploit is available at the CONRIM link, along with the fix."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/13026",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/13026"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 5.0.85"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7350",
"datePublished": "2020-04-22T21:25:13.300204Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T00:51:34.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5642 (GCVE-0-2019-5642)
Vulnerability from nvd – Published: 2019-11-06 18:30 – Updated: 2024-09-17 04:24
VLAI?
Title
MAGICK
Summary
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
unspecified , ≤ 4.16.0-2019081901
(custom)
|
Credits
This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.16.0-2019081901",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T18:30:42",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"
}
],
"source": {
"advisory": "R7-2019-35",
"defect": [
"MS-4514"
],
"discovery": "USER"
},
"title": "MAGICK",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-09-12T20:00:00.000Z",
"ID": "CVE-2019-5642",
"STATE": "PUBLIC",
"TITLE": "MAGICK"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.16.0-2019081901"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"
}
],
"source": {
"advisory": "R7-2019-35",
"defect": [
"MS-4514"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5642",
"datePublished": "2019-11-06T18:30:42.787547Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T04:24:03.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5624 (GCVE-0-2019-5624)
Vulnerability from nvd – Published: 2019-04-30 16:53 – Updated: 2024-09-17 04:29
VLAI?
Title
Rapid7 Metasploit Framework Zip Import Directory Traversal
Summary
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
Severity ?
7.4 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.14.0 , ≤ 4.14.0
(custom)
|
Credits
This issue was discovered by Doyensec, and reported privately by Luca Carettoni.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/11716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.14.0",
"status": "affected",
"version": "4.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."
}
],
"datePublic": "2019-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-30T16:53:31",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/11716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 4.15.0 or later."
}
],
"source": {
"discovery": "USER"
},
"title": "Rapid7 Metasploit Framework Zip Import Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-04-24T18:00:00.000Z",
"ID": "CVE-2019-5624",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Zip Import Directory Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "4.14.0",
"version_value": "4.14.0"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/11716",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/pull/11716"
},
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
},
{
"name": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html",
"refsource": "MISC",
"url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 4.15.0 or later."
}
],
"source": {
"discovery": "USER"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5624",
"datePublished": "2019-04-30T16:53:31.816001Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T04:29:13.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15084 (GCVE-0-2017-15084)
Vulnerability from nvd – Published: 2017-10-06 21:00 – Updated: 2024-09-16 19:10
VLAI?
Summary
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/",
"refsource": "CONFIRM",
"url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15084",
"datePublished": "2017-10-06T21:00:00Z",
"dateReserved": "2017-10-06T00:00:00Z",
"dateUpdated": "2024-09-16T19:10:27.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5244 (GCVE-0-2017-5244)
Vulnerability from nvd – Published: 2017-06-15 14:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.
Severity ?
No CVSS data available.
CWE
- CWE-352 - (Cross-Site Request Forgery)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit (Pro, Express, and Community editions) |
Affected:
< 4.14.0 (Update 2017061301)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit (Pro, Express, and Community editions)",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "\u003c 4.14.0 (Update 2017061301)"
}
]
}
],
"datePublic": "2017-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 (Cross-Site Request Forgery)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "99082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit (Pro, Express, and Community editions)",
"version": {
"version_data": [
{
"version_value": "\u003c 4.14.0 (Update 2017061301)"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 (Cross-Site Request Forgery)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99082"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
},
{
"name": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/",
"refsource": "MISC",
"url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5244",
"datePublished": "2017-06-15T14:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5235 (GCVE-0-2017-5235)
Vulnerability from nvd – Published: 2017-03-02 20:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.
Severity ?
No CVSS data available.
CWE
- DLL Preloading
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
All versions prior to version 4.13.0-2017022101
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.544Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"name": "96548",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96548"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13.0-2017022101"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DLL Preloading",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-06T10:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"name": "96548",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96548"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13.0-2017022101"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Preloading"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
},
{
"name": "96548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96548"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5235",
"datePublished": "2017-03-02T20:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5231 (GCVE-0-2017-5231)
Vulnerability from nvd – Published: 2017-03-02 20:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit |
Affected:
All versions prior to version 4.13.0-2017020701
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96954"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13.0-2017020701"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-20T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "96954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96954"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13.0-2017020701"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi CommandDispatcher.cmd_download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96954"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5231",
"datePublished": "2017-03-02T20:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5229 (GCVE-0-2017-5229)
Vulnerability from nvd – Published: 2017-03-02 20:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit |
Affected:
All versions prior to version 4.13.0-2017020701
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96954"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13.0-2017020701"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-20T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "96954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96954"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13.0-2017020701"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96954"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5229",
"datePublished": "2017-03-02T20:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5228 (GCVE-0-2017-5228)
Vulnerability from nvd – Published: 2017-03-02 20:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit |
Affected:
All versions prior to version 4.13.0-2017020701
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "96954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96954"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "All versions prior to version 4.13.0-2017020701"
}
]
}
],
"datePublic": "2017-03-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-20T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "96954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96954"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 4.13.0-2017020701"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary directory on the Metasploit console with the permissions of the running Metasploit instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96954"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/infosec/blog/2017/03/01/multiple-vulnerabilities-affecting-four-rapid7-products"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5228",
"datePublished": "2017-03-02T20:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-0599 (GCVE-0-2023-0599)
Vulnerability from cvelistv5 – Published: 2023-02-01 22:13 – Updated: 2025-03-25 19:28
VLAI?
Title
Rapid7 Metasploit Pro Stored XSS
Summary
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
0 , ≤ 4.21.2
(semver)
|
Credits
Michael Caruso
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:17:50.108Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T19:28:31.862664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T19:28:44.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.21.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Michael Caruso"
}
],
"datePublic": "2023-01-30T20:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.\u0026nbsp; Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator."
}
],
"value": "Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization.\u00a0 Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T22:13:54.609Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.rapid7.com/release-notes/metasploit/20230130/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit Pro Stored XSS",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-0599",
"datePublished": "2023-02-01T22:13:54.609Z",
"dateReserved": "2023-01-31T17:28:37.548Z",
"dateUpdated": "2025-03-25T19:28:44.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7385 (GCVE-0-2020-7385)
Vulnerability from cvelistv5 – Published: 2021-04-23 15:35 – Updated: 2024-09-17 01:30
VLAI?
Title
Metasploit Framework 'drb_remote_codeexec' code execution
Summary
By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a "hack-back" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically.
Severity ?
8.1 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
6.0.15 , ≤ 6.0.15
(custom)
|
Credits
This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7's coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14300"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "6.0.15",
"status": "affected",
"version": "6.0.15",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7\u0027s coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt"
}
],
"datePublic": "2020-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a \"hack-back\" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-23T15:35:19",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14300"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14335"
}
],
"solutions": [
{
"lang": "en",
"value": "Do not run the drb_remote_codeexec module. After commit 659137da94fa2fe56ce5c44d611db3692bf7d2e5, the Metasploit Framework no longer ships with the affected module."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Metasploit Framework \u0027drb_remote_codeexec\u0027 code execution",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-10-22T17:09:00.000Z",
"ID": "CVE-2020-7385",
"STATE": "PUBLIC",
"TITLE": "Metasploit Framework \u0027drb_remote_codeexec\u0027 code execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "6.0.15",
"version_value": "6.0.15"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Jeff Dileo of NCC Group, and reported to Rapid7 via Rapid7\u0027s coordinated vulnerability disclosure process, detailed here: https://www.rapid7.com/.well-known/security.txt"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By launching the drb_remote_codeexec exploit, a Metasploit Framework user will inadvertently expose Metasploit to the same deserialization issue that is exploited by that module, due to the reliance on the vulnerable Distributed Ruby class functions. Since Metasploit Framework typically runs with elevated privileges, this can lead to a system compromise on the Metasploit workstation. Note that an attacker would have to lie in wait and entice the Metasploit user to run the affected module against a malicious endpoint in a \"hack-back\" type of attack. Metasploit is only vulnerable when the drb_remote_codeexec module is running. In most cases, this cannot happen automatically."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/14300",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/14300"
},
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/",
"refsource": "MISC",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/10/"
},
{
"name": "https://github.com/rapid7/metasploit-framework/pull/14335",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/pull/14335"
}
]
},
"solution": [
{
"lang": "en",
"value": "Do not run the drb_remote_codeexec module. After commit 659137da94fa2fe56ce5c44d611db3692bf7d2e5, the Metasploit Framework no longer ships with the affected module."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7385",
"datePublished": "2021-04-23T15:35:19.277046Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T01:30:50.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7384 (GCVE-0-2020-7384)
Vulnerability from cvelistv5 – Published: 2020-10-29 14:05 – Updated: 2024-08-04 09:25
VLAI?
Title
Client-Side Command Injection in Rapid7 Metasploit
Summary
Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.
Severity ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit |
Affected:
unspecified , < 4.19.0
(custom)
|
Credits
This issue was discovered, reported and fixed by Justin Steven
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:48.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14288"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.19.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered, reported and fixed by Justin Steven"
}
],
"descriptions": [
{
"lang": "en",
"value": "Rapid7\u0027s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim\u0027s machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-29T14:06:09",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/14288"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Client-Side Command Injection in Rapid7 Metasploit ",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2020-7384",
"STATE": "PUBLIC",
"TITLE": "Client-Side Command Injection in Rapid7 Metasploit "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "4.19.0"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered, reported and fixed by Justin Steven"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7\u0027s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim\u0027s machine."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/14288",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/14288"
},
{
"name": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160004/Rapid7-Metasploit-Framework-msfvenom-APK-Template-Command-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161200/Metasploit-Framework-6.0.11-Command-Injection.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7384",
"datePublished": "2020-10-29T14:05:16",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:25:48.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5645 (GCVE-0-2019-5645)
Vulnerability from cvelistv5 – Published: 2020-09-01 14:35 – Updated: 2024-09-17 03:29
VLAI?
Title
Rapid7 Metasploit HTTP Handler Denial of Service
Summary
By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
5.0.27 , ≤ 5.0.27
(custom)
|
Credits
This issue was reported by Jose Garduno of Dreamlab Technologies, AG
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:52.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/12433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "5.0.27",
"status": "affected",
"version": "5.0.27",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported by Jose Garduno of Dreamlab Technologies, AG"
}
],
"datePublic": "2019-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-01T14:35:12",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/12433"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit HTTP Handler Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-10-09T14:54:00.000Z",
"ID": "CVE-2019-5645",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit HTTP Handler Denial of Service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "5.0.27",
"version_value": "5.0.27"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by Jose Garduno of Dreamlab Technologies, AG"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By sending a specially crafted HTTP GET request to a listening Rapid7 Metasploit HTTP handler, an attacker can register an arbitrary regular expression. When evaluated, this malicious handler can either prevent new HTTP handler sessions from being established, or cause a resource exhaustion on the Metasploit server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/12433",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/12433"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5645",
"datePublished": "2020-09-01T14:35:12.880695Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T03:29:11.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7377 (GCVE-0-2020-7377)
Vulnerability from cvelistv5 – Published: 2020-08-24 19:10 – Updated: 2024-09-17 03:43
VLAI?
Title
Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module
Summary
The Metasploit Framework module "auxiliary/admin/http/telpho10_credential_dump" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server.
Severity ?
8.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.12.40 , < 4.12.40*
(custom)
Affected: 6.0.3 , < 6.0.3 (custom) |
Credits
This issue was reported, and fixed, by bcoles.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.12.40*",
"status": "affected",
"version": "4.12.40",
"versionType": "custom"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"datePublic": "2020-08-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T19:10:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-08-18T08:48:00.000Z",
"ID": "CVE-2020-7377",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "4.12.40",
"version_value": "4.12.40"
},
{
"version_affected": "\u003c",
"version_name": "6.0.3",
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metasploit Framework module \"auxiliary/admin/http/telpho10_credential_dump\" module is affected by a relative path traversal vulnerability in the untar method which can be exploited to write arbitrary files to arbitrary locations on the host file system when the module is run on a malicious HTTP server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/14015",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/14015"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7377",
"datePublished": "2020-08-24T19:10:18.025073Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T03:43:45.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7376 (GCVE-0-2020-7376)
Vulnerability from cvelistv5 – Published: 2020-08-24 19:10 – Updated: 2024-09-16 23:35
VLAI?
Title
Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module
Summary
The Metasploit Framework module "post/osx/gather/enum_osx module" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host.
Severity ?
7.1 (High)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.11.7 , < 4.11.7*
(custom)
Affected: 6.0.3 , < 6.0.3 (custom) |
Credits
This issue was reported, and fixed, by bcoles.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "4.11.7*",
"status": "affected",
"version": "4.11.7",
"versionType": "custom"
},
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"datePublic": "2020-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-24T19:10:17",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
],
"solutions": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-08-17T10:00:00.000Z",
"ID": "CVE-2020-7376",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "4.11.7",
"version_value": "4.11.7"
},
{
"version_affected": "\u003c",
"version_name": "6.0.3",
"version_value": "6.0.3"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported, and fixed, by bcoles."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metasploit Framework module \"post/osx/gather/enum_osx module\" is affected by a relative path traversal vulnerability in the get_keychains method which can be exploited to write arbitrary files to arbitrary locations on the host filesystem when the module is run on a malicious host."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/14008",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/14008"
}
]
},
"solution": [
{
"lang": "en",
"value": "Users should update to version 6.0.3 or later of the Metasploit Framework."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7376",
"datePublished": "2020-08-24T19:10:17.594819Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T23:35:28.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7355 (GCVE-0-2020-7355)
Vulnerability from cvelistv5 – Published: 2020-06-25 17:15 – Updated: 2024-09-17 02:31
VLAI?
Title
Rapid7 Metasploit Pro Stored XSS in 'notes' field
Summary
Cross-site Scripting (XSS) vulnerability in the 'notes' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated 'host' field of a discovered scan asset.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
4.17.1-20200427 , ≤ 4.17.1-20200427
(custom)
|
Credits
Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.17.1-20200427",
"status": "affected",
"version": "4.17.1-20200427",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"datePublic": "2020-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027notes\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated \u0027host\u0027 field of a discovered scan asset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T17:15:15",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit Pro Stored XSS in \u0027notes\u0027 field",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-05-21T13:13:00.000Z",
"ID": "CVE-2020-7355",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Pro Stored XSS in \u0027notes\u0027 field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.17.1-20200427",
"version_value": "4.17.1-20200427"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027notes\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7354, which describes a similar issue, but involving the generated \u0027host\u0027 field of a discovered scan asset."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"name": "https://avalz.it/research/metasploit-pro-xss-to-rce/",
"refsource": "MISC",
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7355",
"datePublished": "2020-06-25T17:15:15.975135Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T02:31:45.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7354 (GCVE-0-2020-7354)
Vulnerability from cvelistv5 – Published: 2020-06-25 17:15 – Updated: 2024-09-17 00:25
VLAI?
Title
Rapid7 Metasploit Pro Stored XSS in 'host' field
Summary
Cross-site Scripting (XSS) vulnerability in the 'host' field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated 'notes' field of a discovered scan asset.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
4.17.1-20200427 , ≤ 4.17.1-20200427
(custom)
|
Credits
Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.17.1-20200427",
"status": "affected",
"version": "4.17.1-20200427",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"datePublic": "2020-05-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027host\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated \u0027notes\u0027 field of a discovered scan asset."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-25T17:15:15",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Rapid7 Metasploit Pro Stored XSS in \u0027host\u0027 field",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-05-21T13:13:00.000Z",
"ID": "CVE-2020-7354",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Pro Stored XSS in \u0027host\u0027 field"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "4.17.1-20200427",
"version_value": "4.17.1-20200427"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Andrea Valenza at the University of Genoa discovered and reported this issue to Rapid7"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) vulnerability in the \u0027host\u0027 field of a discovered scan asset in Rapid7 Metasploit Pro allows an attacker with a specially-crafted network service of a scan target to store an XSS sequence in the Metasploit Pro console, which will trigger when the operator views the record of that scanned host in the Metasploit Pro interface. This issue affects Rapid7 Metasploit Pro version 4.17.1-20200427 and prior versions, and is fixed in Metasploit Pro version 4.17.1-20200514. See also CVE-2020-7355, which describes a similar issue, but involving the generated \u0027notes\u0027 field of a discovered scan asset."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2020/05/#20200514"
},
{
"name": "https://avalz.it/research/metasploit-pro-xss-to-rce/",
"refsource": "MISC",
"url": "https://avalz.it/research/metasploit-pro-xss-to-rce/"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to Metasploit Pro version 4.17.1-20200514 to fix this issue."
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7354",
"datePublished": "2020-06-25T17:15:15.535412Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T00:25:26.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7350 (GCVE-0-2020-7350)
Vulnerability from cvelistv5 – Published: 2020-04-22 21:25 – Updated: 2024-09-17 00:51
VLAI?
Title
Metasploit Framework Plugin Libnotify Command Injection
Summary
Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer's hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator's terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command.
Severity ?
6.1 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
5.0.85 , < 5.0.85
(custom)
|
Credits
This issue was discovered and reported to Rapid7 by javier aguinaga.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:25:49.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/13026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThan": "5.0.85",
"status": "affected",
"version": "5.0.85",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported to Rapid7 by javier aguinaga."
}
],
"datePublic": "2020-04-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer\u0027s hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator\u0027s terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command."
}
],
"exploits": [
{
"lang": "en",
"value": "An exploit is available at the CONRIM link, along with the fix."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-23T20:11:53",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/issues/13026"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 5.0.85"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Metasploit Framework Plugin Libnotify Command Injection",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2020-04-16T15:55:00.000Z",
"ID": "CVE-2020-7350",
"STATE": "PUBLIC",
"TITLE": "Metasploit Framework Plugin Libnotify Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.0.85",
"version_value": "5.0.85"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported to Rapid7 by javier aguinaga."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Framework versions before 5.0.85 suffers from an instance of CWE-78: OS Command Injection, wherein the libnotify plugin accepts untrusted user-supplied data via a remote computer\u0027s hostname or service name. An attacker can create a specially-crafted hostname or service name to be imported by Metasploit from a variety of sources and trigger a command injection on the operator\u0027s terminal. Note, only the Metasploit Framework and products that expose the plugin system is susceptible to this issue -- notably, this does not include Rapid7 Metasploit Pro. Also note, this vulnerability cannot be triggered through a normal scan operation -- the attacker would have to supply a file that is processed with the db_import command."
}
]
},
"exploit": [
{
"lang": "en",
"value": "An exploit is available at the CONRIM link, along with the fix."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/issues/13026",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/issues/13026"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 5.0.85"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2020-7350",
"datePublished": "2020-04-22T21:25:13.300204Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-17T00:51:34.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5642 (GCVE-0-2019-5642)
Vulnerability from cvelistv5 – Published: 2019-11-06 18:30 – Updated: 2024-09-17 04:24
VLAI?
Title
MAGICK
Summary
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Pro |
Affected:
unspecified , ≤ 4.16.0-2019081901
(custom)
|
Credits
This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7's vulnerability disclosure policy (https://www.rapid7.com/disclosure/).
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Pro",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.16.0-2019081901",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"datePublic": "2019-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T18:30:42",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
}
],
"solutions": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"
}
],
"source": {
"advisory": "R7-2019-35",
"defect": [
"MS-4514"
],
"discovery": "USER"
},
"title": "MAGICK",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-09-12T20:00:00.000Z",
"ID": "CVE-2019-5642",
"STATE": "PUBLIC",
"TITLE": "MAGICK"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Pro",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.16.0-2019081901"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was discovered and reported to Rapid7 by Rodney Beele. It is being disclosed in accordance with Rapid7\u0027s vulnerability disclosure policy (https://www.rapid7.com/disclosure/)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an instance of CWE-732, wherein the unique server.key is written to the file system during installation with world-readable permissions. This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001"
}
]
},
"solution": [
{
"lang": "en",
"value": "This issue is resolved in Metasploit Pro version 4.16.0-2019091001"
}
],
"source": {
"advisory": "R7-2019-35",
"defect": [
"MS-4514"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5642",
"datePublished": "2019-11-06T18:30:42.787547Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T04:24:03.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-5624 (GCVE-0-2019-5624)
Vulnerability from cvelistv5 – Published: 2019-04-30 16:53 – Updated: 2024-09-17 04:29
VLAI?
Title
Rapid7 Metasploit Framework Zip Import Directory Traversal
Summary
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions.
Severity ?
7.4 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit Framework |
Affected:
4.14.0 , ≤ 4.14.0
(custom)
|
Credits
This issue was discovered by Doyensec, and reported privately by Luca Carettoni.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:01:51.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/11716"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit Framework",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "4.14.0",
"status": "affected",
"version": "4.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."
}
],
"datePublic": "2019-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-30T16:53:31",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rapid7/metasploit-framework/pull/11716"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 4.15.0 or later."
}
],
"source": {
"discovery": "USER"
},
"title": "Rapid7 Metasploit Framework Zip Import Directory Traversal",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2019-04-24T18:00:00.000Z",
"ID": "CVE-2019-5624",
"STATE": "PUBLIC",
"TITLE": "Rapid7 Metasploit Framework Zip Import Directory Traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit Framework",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c=",
"version_name": "4.14.0",
"version_value": "4.14.0"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "This issue was discovered by Doyensec, and reported privately by Luca Carettoni."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level of the user running Metasploit. This issue affects: Rapid7 Metasploit Framework version 4.14.0 and prior versions."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rapid7/metasploit-framework/pull/11716",
"refsource": "CONFIRM",
"url": "https://github.com/rapid7/metasploit-framework/pull/11716"
},
{
"name": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416",
"refsource": "CONFIRM",
"url": "https://help.rapid7.com/metasploit/release-notes/archive/2019/04/#20190416"
},
{
"name": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html",
"refsource": "MISC",
"url": "https://blog.doyensec.com/2019/04/24/rubyzip-bug.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 4.15.0 or later."
}
],
"source": {
"discovery": "USER"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2019-5624",
"datePublished": "2019-04-30T16:53:31.816001Z",
"dateReserved": "2019-01-07T00:00:00",
"dateUpdated": "2024-09-17T04:29:13.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15084 (GCVE-0-2017-15084)
Vulnerability from cvelistv5 – Published: 2017-10-06 21:00 – Updated: 2024-09-16 19:10
VLAI?
Summary
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-06T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/",
"refsource": "CONFIRM",
"url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15084",
"datePublished": "2017-10-06T21:00:00Z",
"dateReserved": "2017-10-06T00:00:00Z",
"dateUpdated": "2024-09-16T19:10:27.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5244 (GCVE-0-2017-5244)
Vulnerability from cvelistv5 – Published: 2017-06-15 14:00 – Updated: 2024-08-05 14:55
VLAI?
Summary
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.
Severity ?
No CVSS data available.
CWE
- CWE-352 - (Cross-Site Request Forgery)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | Metasploit (Pro, Express, and Community editions) |
Affected:
< 4.14.0 (Update 2017061301)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "99082",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99082"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Metasploit (Pro, Express, and Community editions)",
"vendor": "Rapid7",
"versions": [
{
"status": "affected",
"version": "\u003c 4.14.0 (Update 2017061301)"
}
]
}
],
"datePublic": "2017-06-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 (Cross-Site Request Forgery)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-16T09:57:01",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"name": "99082",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99082"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"ID": "CVE-2017-5244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Metasploit (Pro, Express, and Community editions)",
"version": {
"version_data": [
{
"version_value": "\u003c 4.14.0 (Update 2017061301)"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 (Cross-Site Request Forgery)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99082"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed",
"refsource": "CONFIRM",
"url": "https://community.rapid7.com/community/metasploit/blog/2017/06/15/r7-2017-16-cve-2017-5244-lack-of-csrf-protection-for-stopping-tasks-in-metasploit-pro-express-and-community-editions-fixed"
},
{
"name": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/",
"refsource": "MISC",
"url": "https://www.seekurity.com/blog/general/metasploit-web-project-kill-all-running-tasks-csrf-CVE-2017-5244/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2017-5244",
"datePublished": "2017-06-15T14:00:00",
"dateReserved": "2017-01-09T00:00:00",
"dateUpdated": "2024-08-05T14:55:35.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}