← voltar
CVE-2021-4016

Rapid7 Insight Agent Improper Access Control

CVSS 4 MEDIUMEPSS 0.2%CWE-284
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4EPSS 0.2%KEV nãoPoC Patch
Ciclo de vida
21 jan 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
Rapid7 · Insight Agent

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://docs.rapid7.com/release-notes/insightagent/20220119/