Описание
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
Ссылки
- Release NotesThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
EPSS
4 Medium
CVSS3
3.3 Low
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
EPSS
4 Medium
CVSS3
3.3 Low
CVSS3
2.1 Low
CVSS2