Rapid7 Insight Agent Improper Access Control
CVE-2021-4016

4MEDIUM

Key Information:

Vendor: Rapid7
Status: Insight Agent
Vendor: CVE Published:; 21 January 2022

What is CVE-2021-4016?

Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.

Affected Version(s)

Insight Agent 3.1.3

References

https://docs.rapid7.com/release-notes/insightagent/20220119/

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2022
Vulnerability Reserved
Nov 24, 2021

Credit

Andreas Welcker