CVE-2021-4016

Published: Jan 21, 2022Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.

Affected (1)

Products: Rapid7: Insight Agent

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rapid7 Insight Agent	Before 3.1.3

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://docs.rapid7.com/release-notes/insightagent/20220119/

Source: cve@rapid7.com

Release NotesThird Party Advisory

https://docs.rapid7.com/release-notes/insightagent/20220119/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.