CVE-2021-4016
Rapid7 Insight Agent Improper Access Control
Exploited in Wild: 0
Decision: -
Descriptions
Rapid7 Insight Agent versions prior to 3.1.3 suffer from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read, and copy any of the files in this directory, e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
SSVC
- Decision:-
Timeline
- 2021-11-24 CVE Reserved
- 2022-01-21 CVE Published
- 2023-08-14 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
References (1)
URL | Tag | Source |
---|---|---|
https://docs.rapid7.com/release-notes/insightagent/20220119 | Release Notes |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Rapid7 | Insight Agent | < 3.1.3 | - | Affected |