{"api_version":"1","generated_at":"2026-05-03T10:48:27+00:00","cve":"CVE-2019-5641","urls":{"html":"https://cve.report/CVE-2019-5641","api":"https://cve.report/api/cve/CVE-2019-5641.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-5641","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-5641"},"summary":{"title":"CVE-2019-5641","description":"Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user","state":"PUBLIC","assigner":"cve@rapid7.com","published_at":"2022-09-21 15:15:00","updated_at":"2022-09-23 15:10:00"},"problem_types":["CWE-613"],"metrics":[],"references":[{"url":"https://docs.rapid7.com/release-notes/insightvm/20220830/","name":"https://docs.rapid7.com/release-notes/insightvm/20220830/","refsource":"CONFIRM","tags":[],"title":"InsightVM Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-5641","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-5641","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Ashutosh Barot reported this vulnerability to Rapid7","lang":""}],"nvd_cpes":[{"cve_year":"2019","cve_id":"5641","vulnerable":"1","versionEndIncluding":"6.6.160","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rapid7","cpe5":"insightvm","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","generator":{"engine":"Vulnogram 0.0.9"},"CVE_data_meta":{"ID":"CVE-2019-5641","ASSIGNER":"cve@rapid7.com","DATE_PUBLIC":"2022-08-30T09:00:00.000Z","TITLE":"Rapid7 InsightVM Information Disclosure after Logout","AKA":"","STATE":"PUBLIC"},"source":{"defect":[],"advisory":"","discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Rapid7","product":{"product_data":[{"product_name":"InsightVM","version":{"version_data":[{"version_name":"6.6.160","version_affected":"<=","version_value":"6.6.160","platform":""}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-200 Information Exposure"}]}]},"description":{"description_data":[{"lang":"eng","value":"Rapid7 InsightVM suffers from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user"}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://docs.rapid7.com/release-notes/insightvm/20220830/","name":"https://docs.rapid7.com/release-notes/insightvm/20220830/"}]},"configuration":[],"impact":{"cvss":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW"}},"exploit":[],"work_around":[],"solution":[],"credit":[{"lang":"eng","value":"Ashutosh Barot reported this vulnerability to Rapid7"}]},"nvd":{"publishedDate":"2022-09-21 15:15:00","lastModifiedDate":"2022-09-23 15:10:00","problem_types":["CWE-613"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:rapid7:insightvm:*:*:*:*:*:*:*:*","versionEndIncluding":"6.6.160","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"5641","Ordinal":"143262","Title":"CVE-2019-5641","CVE":"CVE-2019-5641","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"5641","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}