Rapid7 Metasploit Pro version 4.16.0-2019081901 Incorrect Permission Assignment for Critical Resource Vulnerability


Rapid7 Metasploit Pro version 4.16.0-2019081901 and prior suffers from an incorrect permission assignment for a critical resource, wherein the unique server.key is written to the file system during installation with world-readable permissions.





The information has been provided by the vendor.

The original article can be found at: https://help.rapid7.com/metasploit/release-notes/?rid=4.16.0-2019091001



This can allow other users of the same system where Metasploit Pro is installed to intercept otherwise private communications to the Metasploit Pro web interface.
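A check for the condition described above, as an added example that is not part of the original advisory or Rapid7's code. It assumes POSIX mode bits and takes the installation directory from the caller, since the advisory does not give the path of server.key; the `cert` directory in the demo is a constructed fixture.

```python
import os
import stat
import tempfile

def audit_key_permissions(root, names=("server.key",)):
    """Find private-key files under root that anyone but the owner can access."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in names:
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report the entry itself, not a symlink target
            if not stat.S_ISREG(st.st_mode):
                continue
            problems = []
            if st.st_mode & stat.S_IROTH:
                problems.append("world-readable")
            if st.st_mode & stat.S_IRGRP:
                problems.append("group-readable")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append("writable by non-owner")
            if problems:
                findings.append((path, stat.filemode(st.st_mode), problems))
    return findings

def restrict_to_owner(path):
    """Leave only owner read/write (0600) on the key file."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)

def demo():
    """Constructed fixture: a dummy server.key created 0644, audited, then fixed."""
    with tempfile.TemporaryDirectory() as root:
        cert_dir = os.path.join(root, "cert")  # hypothetical layout, not from the advisory
        os.mkdir(cert_dir)
        key = os.path.join(cert_dir, "server.key")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)
        before = [(mode, probs) for _p, mode, probs in audit_key_permissions(root)]
        restrict_to_owner(key)
        after = audit_key_permissions(root)
    return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before fix:", before)
    print("after fix: ", after)
```

Tightening the mode does not undo earlier exposure: a key that was readable by other local users should be treated as disclosed.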


Vulnerable Systems:

Rapid7 Metasploit Pro version 4.16.0-2019081901 


CVE Information:



Disclosure Timeline:
Published Date: 11/6/2019