Vulnerability Details CVE-2021-4016
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.5%
CVSS Severity
CVSS v3 Score 4.0
CVSS v2 Score 2.1
References
Products affected by CVE-2021-4016
-
cpe:2.3:a:rapid7:insight_agent:-
-
cpe:2.3:a:rapid7:insight_agent:2.5.2
-
cpe:2.3:a:rapid7:insight_agent:2.5.3
-
cpe:2.3:a:rapid7:insight_agent:2.6.0
-
cpe:2.3:a:rapid7:insight_agent:2.6.1
-
cpe:2.3:a:rapid7:insight_agent:2.6.2
-
cpe:2.3:a:rapid7:insight_agent:2.6.3
-
cpe:2.3:a:rapid7:insight_agent:2.6.4
-
cpe:2.3:a:rapid7:insight_agent:2.6.5
-
cpe:2.3:a:rapid7:insight_agent:2.6.6
-
cpe:2.3:a:rapid7:insight_agent:2.6.7
-
cpe:2.3:a:rapid7:insight_agent:2.7.0
-
cpe:2.3:a:rapid7:insight_agent:2.7.1
-
cpe:2.3:a:rapid7:insight_agent:2.7.10
-
cpe:2.3:a:rapid7:insight_agent:2.7.11
-
cpe:2.3:a:rapid7:insight_agent:2.7.13
-
cpe:2.3:a:rapid7:insight_agent:2.7.14
-
cpe:2.3:a:rapid7:insight_agent:2.7.15
-
cpe:2.3:a:rapid7:insight_agent:2.7.16
-
cpe:2.3:a:rapid7:insight_agent:2.7.17
-
cpe:2.3:a:rapid7:insight_agent:2.7.18
-
cpe:2.3:a:rapid7:insight_agent:2.7.19
-
cpe:2.3:a:rapid7:insight_agent:2.7.2
-
cpe:2.3:a:rapid7:insight_agent:2.7.20
-
cpe:2.3:a:rapid7:insight_agent:2.7.21
-
cpe:2.3:a:rapid7:insight_agent:2.7.22
-
cpe:2.3:a:rapid7:insight_agent:2.7.3
-
cpe:2.3:a:rapid7:insight_agent:2.7.4
-
cpe:2.3:a:rapid7:insight_agent:2.7.5
-
cpe:2.3:a:rapid7:insight_agent:2.7.6
-
cpe:2.3:a:rapid7:insight_agent:2.7.7
-
cpe:2.3:a:rapid7:insight_agent:2.7.8
-
cpe:2.3:a:rapid7:insight_agent:2.7.9
-
cpe:2.3:a:rapid7:insight_agent:3.0.1
-
cpe:2.3:a:rapid7:insight_agent:3.0.10
-
cpe:2.3:a:rapid7:insight_agent:3.0.2.3
-
cpe:2.3:a:rapid7:insight_agent:3.0.3
-
cpe:2.3:a:rapid7:insight_agent:3.0.4
-
cpe:2.3:a:rapid7:insight_agent:3.0.5
-
cpe:2.3:a:rapid7:insight_agent:3.0.6
-
cpe:2.3:a:rapid7:insight_agent:3.0.7
-
cpe:2.3:a:rapid7:insight_agent:3.0.8
-
cpe:2.3:a:rapid7:insight_agent:3.0.9
-
cpe:2.3:a:rapid7:insight_agent:3.1.0
-
cpe:2.3:a:rapid7:insight_agent:3.1.1
-
cpe:2.3:a:rapid7:insight_agent:3.1.2
-
cpe:2.3:a:rapid7:insight_agent:3.1.2.35
-
cpe:2.3:a:rapid7:insight_agent:3.1.2.36
-
cpe:2.3:a:rapid7:insight_agent:3.1.2.38