CVE-2021-4016 Information

Description

Rapid7 Insight Agent versions prior to 3.1.3 suffer from an improper access control vulnerability whereby the user has access to the snapshot directory. An attacker can access, read, and copy any of the files in this directory, e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Reference

https://docs.rapid7.com/release-notes/insightagent/20220119/

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score

3.3

Base Severity

LOW
