Add CVE-2019-5640 for Rapid7

At long last.
2025-05-07 19:17:10 +00:00 · 2021-11-19 12:02:47 -06:00 · 2021-11-19 12:02:47 -06:00 · 8e08ed11a7
commit 8e08ed11a7
parent 7fc85610aa
1 changed files with 74 additions and 4 deletions
--- a/2019/5xxx/CVE-2019-5640.json
+++ b/2019/5xxx/CVE-2019-5640.json
@ -1,8 +1,35 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "cve@rapid7.com",
+        "DATE_PUBLIC": "2021-11-17T15:05:00.000Z",
        "ID": "CVE-2019-5640",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Rapid7 Nexpose Information Disclosure after logout"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Nexpose",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_name": "6.6.114",
+                                            "version_value": "6.6.114"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "Rapid7"
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,8 +38,51 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel  and view the details available in the last webpage visited by previous user\n"
            }
        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "NONE",
+            "baseScore": 3.3,
+            "baseSeverity": "LOW",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-200 Information Exposure"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://docs.rapid7.com/release-notes/nexpose/20211117/",
+                "refsource": "CONFIRM",
+                "url": "https://docs.rapid7.com/release-notes/nexpose/20211117/"
+            }
+        ]
+    },
+    "source": {
+        "discovery": "UNKNOWN"
    }
-}
+}