Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security-relevant edit on an existing, logged-in user. For example, if a user’s password is changed by an administrator due to an otherwise unrelated credential leak, that user account’s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.
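The session-handling pattern behind this class of flaw, shown as an added example (not Rapid7's code): an admin password change that leaves live sessions untouched, next to one that bumps a per-user credential version and revokes the user's sessions. All names here (`SessionStore`, `cred_version`, `session_survives`) and the sample user and hashes are hypothetical and constructed for illustration.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class User:
    password_hash: str
    cred_version: int = 0  # bumped on every security-relevant edit


@dataclass
class SessionStore:
    users: dict = field(default_factory=dict)     # name -> User
    sessions: dict = field(default_factory=dict)  # token -> (name, cred_version at login)

    def login(self, name):
        """Issue a session bound to the user's current credential version."""
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (name, self.users[name].cred_version)
        return token

    def change_password_no_revoke(self, name, new_hash):
        """Flawed pattern: the credential changes, live sessions are untouched."""
        self.users[name].password_hash = new_hash

    def change_password(self, name, new_hash):
        """Hardened pattern: bump the version and drop the user's live sessions."""
        user = self.users[name]
        user.password_hash = new_hash
        user.cred_version += 1
        for token in [t for t, (n, _) in self.sessions.items() if n == name]:
            del self.sessions[token]

    def is_valid(self, token):
        """Accept a session only if it matches the current credential version."""
        entry = self.sessions.get(token)
        if entry is None:
            return False
        name, version = entry
        user = self.users.get(name)
        return user is not None and user.cred_version == version


def session_survives(change_method_name):
    """Log in, apply the named admin edit, report whether the old session still works."""
    store = SessionStore(users={"alice": User("constructed-hash-1")})
    token = store.login("alice")
    getattr(store, change_method_name)("alice", "constructed-hash-2")
    return store.is_valid(token)
```

The version comparison in `is_valid` is a second line of defence: a session copy that escapes deletion (for example in another node's cache) is still rejected once `cred_version` has moved on.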