Key Exposure in Logging.json Allows High Privileges Access
CVE-2024-3185

6.8MEDIUM

Key Information:

Vendor: Rapid7
Status: Insight Agent
Vendor: CVE Published:; 23 April 2024

What is CVE-2024-3185?

A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent.

Affected Version(s)

Insight Agent 0 <= 2024-04-03T12:00:00:000Z

References

https://docs.rapid7.com/insightidr/configure-the-insight-...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2024
Vulnerability Reserved
Apr 2, 2024

Credit

Ryan Schachtschneider