← volver
CVE-2021-4016

Rapid7 Insight Agent Improper Access Control

CVSS 4 MEDIUMEPSS 0.2%CWE-284
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
21 ene 2022Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Rapid7 · Insight Agent

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://docs.rapid7.com/release-notes/insightagent/20220119/