Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-2273

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.

Published

2023-04-26T09:15:09.117

Last Modified

2024-11-21T07:58:17.277

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22
Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	rapid7	insight_agent	< 3.3.0	Yes

References

https://docs.rapid7.com/release-notes/insightagent/20230425/ Release Notes ([email protected])
https://docs.rapid7.com/release-notes/insightagent/20230425/ Release Notes (af854a3a-2127-422b-91ae-364da2661108)