Rapid7 Metasploit Pro version 4.16.0-2019081901 Incorrect Permission Assignment for Critical Resource Vulnerability
Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers, wherein the unique server.key is written to the file system during installation with world-readable permissions.
The information has been provided by Vendor
The original article can be found at:https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001
This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
Rapid7 Metasploit Pro version 4.16.0-2019081901