Unrated severityNVD Advisory· Published Jan 21, 2022· Updated Sep 16, 2024
Rapid7 Insight Agent Improper Access Control
CVE-2021-4016
Description
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<3.1.3+ 1 more
- (no CPE)range: <3.1.3
- (no CPE)range: 3.1.3
Patches
Vulnerability mechanics
References
1- docs.rapid7.com/release-notes/insightagent/20220119/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.