CVE-2018-5559 LOW

Vendor Rapid7
Product Komand
Weakness CWE-212
Published November 28, 2018
Last update September 17, 2024

CVSS base score

3.4/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01 Description

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that list connection data, which is always encrypted at rest, could return some configurations of that connection data without obscuring sensitive values in the API response, which is sent over an encrypted channel. This issue does not affect Rapid7 Komand version 0.42.0 and later versions.

Key dates

02 Disclosure timeline

November 28, 2018 CVE published
September 17, 2024 Record updated