CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2273

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.3%

CVSS Severity

CVSS v3 Score 5.8

References

Products affected by CVE-2023-2273

Rapid7 » Insight Agent » Version: N/A

cpe:2.3:a:rapid7:insight_agent:-
Rapid7 » Insight Agent » Version: 2.5.2

cpe:2.3:a:rapid7:insight_agent:2.5.2
Rapid7 » Insight Agent » Version: 2.5.3

cpe:2.3:a:rapid7:insight_agent:2.5.3
Rapid7 » Insight Agent » Version: 2.6.0

cpe:2.3:a:rapid7:insight_agent:2.6.0
Rapid7 » Insight Agent » Version: 2.6.1

cpe:2.3:a:rapid7:insight_agent:2.6.1
Rapid7 » Insight Agent » Version: 2.6.2

cpe:2.3:a:rapid7:insight_agent:2.6.2
Rapid7 » Insight Agent » Version: 2.6.3

cpe:2.3:a:rapid7:insight_agent:2.6.3
Rapid7 » Insight Agent » Version: 2.6.4

cpe:2.3:a:rapid7:insight_agent:2.6.4
Rapid7 » Insight Agent » Version: 2.6.5

cpe:2.3:a:rapid7:insight_agent:2.6.5
Rapid7 » Insight Agent » Version: 2.6.6

cpe:2.3:a:rapid7:insight_agent:2.6.6
Rapid7 » Insight Agent » Version: 2.6.7

cpe:2.3:a:rapid7:insight_agent:2.6.7
Rapid7 » Insight Agent » Version: 2.7.0

cpe:2.3:a:rapid7:insight_agent:2.7.0
Rapid7 » Insight Agent » Version: 2.7.1

cpe:2.3:a:rapid7:insight_agent:2.7.1
Rapid7 » Insight Agent » Version: 2.7.10

cpe:2.3:a:rapid7:insight_agent:2.7.10
Rapid7 » Insight Agent » Version: 2.7.11

cpe:2.3:a:rapid7:insight_agent:2.7.11
Rapid7 » Insight Agent » Version: 2.7.13

cpe:2.3:a:rapid7:insight_agent:2.7.13
Rapid7 » Insight Agent » Version: 2.7.14

cpe:2.3:a:rapid7:insight_agent:2.7.14
Rapid7 » Insight Agent » Version: 2.7.15

cpe:2.3:a:rapid7:insight_agent:2.7.15
Rapid7 » Insight Agent » Version: 2.7.16

cpe:2.3:a:rapid7:insight_agent:2.7.16
Rapid7 » Insight Agent » Version: 2.7.17

cpe:2.3:a:rapid7:insight_agent:2.7.17
Rapid7 » Insight Agent » Version: 2.7.18

cpe:2.3:a:rapid7:insight_agent:2.7.18
Rapid7 » Insight Agent » Version: 2.7.19

cpe:2.3:a:rapid7:insight_agent:2.7.19
Rapid7 » Insight Agent » Version: 2.7.2

cpe:2.3:a:rapid7:insight_agent:2.7.2
Rapid7 » Insight Agent » Version: 2.7.20

cpe:2.3:a:rapid7:insight_agent:2.7.20
Rapid7 » Insight Agent » Version: 2.7.21

cpe:2.3:a:rapid7:insight_agent:2.7.21
Rapid7 » Insight Agent » Version: 2.7.22

cpe:2.3:a:rapid7:insight_agent:2.7.22
Rapid7 » Insight Agent » Version: 2.7.3

cpe:2.3:a:rapid7:insight_agent:2.7.3
Rapid7 » Insight Agent » Version: 2.7.4

cpe:2.3:a:rapid7:insight_agent:2.7.4
Rapid7 » Insight Agent » Version: 2.7.5

cpe:2.3:a:rapid7:insight_agent:2.7.5
Rapid7 » Insight Agent » Version: 2.7.6

cpe:2.3:a:rapid7:insight_agent:2.7.6
Rapid7 » Insight Agent » Version: 2.7.7

cpe:2.3:a:rapid7:insight_agent:2.7.7
Rapid7 » Insight Agent » Version: 2.7.8

cpe:2.3:a:rapid7:insight_agent:2.7.8
Rapid7 » Insight Agent » Version: 2.7.9

cpe:2.3:a:rapid7:insight_agent:2.7.9
Rapid7 » Insight Agent » Version: 3.0.1

cpe:2.3:a:rapid7:insight_agent:3.0.1
Rapid7 » Insight Agent » Version: 3.0.10

cpe:2.3:a:rapid7:insight_agent:3.0.10
Rapid7 » Insight Agent » Version: 3.0.2.3

cpe:2.3:a:rapid7:insight_agent:3.0.2.3
Rapid7 » Insight Agent » Version: 3.0.3

cpe:2.3:a:rapid7:insight_agent:3.0.3
Rapid7 » Insight Agent » Version: 3.0.4

cpe:2.3:a:rapid7:insight_agent:3.0.4
Rapid7 » Insight Agent » Version: 3.0.5

cpe:2.3:a:rapid7:insight_agent:3.0.5
Rapid7 » Insight Agent » Version: 3.0.6

cpe:2.3:a:rapid7:insight_agent:3.0.6
Rapid7 » Insight Agent » Version: 3.0.7

cpe:2.3:a:rapid7:insight_agent:3.0.7
Rapid7 » Insight Agent » Version: 3.0.8

cpe:2.3:a:rapid7:insight_agent:3.0.8
Rapid7 » Insight Agent » Version: 3.0.9

cpe:2.3:a:rapid7:insight_agent:3.0.9
Rapid7 » Insight Agent » Version: 3.1.0

cpe:2.3:a:rapid7:insight_agent:3.1.0
Rapid7 » Insight Agent » Version: 3.1.1

cpe:2.3:a:rapid7:insight_agent:3.1.1
Rapid7 » Insight Agent » Version: 3.1.10

cpe:2.3:a:rapid7:insight_agent:3.1.10
Rapid7 » Insight Agent » Version: 3.1.10.34

cpe:2.3:a:rapid7:insight_agent:3.1.10.34
Rapid7 » Insight Agent » Version: 3.1.10.36

cpe:2.3:a:rapid7:insight_agent:3.1.10.36
Rapid7 » Insight Agent » Version: 3.1.11

cpe:2.3:a:rapid7:insight_agent:3.1.11
Rapid7 » Insight Agent » Version: 3.1.12

cpe:2.3:a:rapid7:insight_agent:3.1.12
Rapid7 » Insight Agent » Version: 3.1.2

cpe:2.3:a:rapid7:insight_agent:3.1.2
Rapid7 » Insight Agent » Version: 3.1.2.35

cpe:2.3:a:rapid7:insight_agent:3.1.2.35
Rapid7 » Insight Agent » Version: 3.1.2.36

cpe:2.3:a:rapid7:insight_agent:3.1.2.36
Rapid7 » Insight Agent » Version: 3.1.2.38

cpe:2.3:a:rapid7:insight_agent:3.1.2.38
Rapid7 » Insight Agent » Version: 3.1.3

cpe:2.3:a:rapid7:insight_agent:3.1.3
Rapid7 » Insight Agent » Version: 3.1.3.78

cpe:2.3:a:rapid7:insight_agent:3.1.3.78
Rapid7 » Insight Agent » Version: 3.1.3.79

cpe:2.3:a:rapid7:insight_agent:3.1.3.79
Rapid7 » Insight Agent » Version: 3.1.3.80

cpe:2.3:a:rapid7:insight_agent:3.1.3.80
Rapid7 » Insight Agent » Version: 3.1.4

cpe:2.3:a:rapid7:insight_agent:3.1.4
Rapid7 » Insight Agent » Version: 3.1.4.48

cpe:2.3:a:rapid7:insight_agent:3.1.4.48
Rapid7 » Insight Agent » Version: 3.1.4.49

cpe:2.3:a:rapid7:insight_agent:3.1.4.49
Rapid7 » Insight Agent » Version: 3.1.4.52

cpe:2.3:a:rapid7:insight_agent:3.1.4.52
Rapid7 » Insight Agent » Version: 3.1.5

cpe:2.3:a:rapid7:insight_agent:3.1.5
Rapid7 » Insight Agent » Version: 3.1.5.15

cpe:2.3:a:rapid7:insight_agent:3.1.5.15
Rapid7 » Insight Agent » Version: 3.1.6

cpe:2.3:a:rapid7:insight_agent:3.1.6
Rapid7 » Insight Agent » Version: 3.1.6.44

cpe:2.3:a:rapid7:insight_agent:3.1.6.44
Rapid7 » Insight Agent » Version: 3.1.6.45

cpe:2.3:a:rapid7:insight_agent:3.1.6.45
Rapid7 » Insight Agent » Version: 3.1.7

cpe:2.3:a:rapid7:insight_agent:3.1.7
Rapid7 » Insight Agent » Version: 3.1.8

cpe:2.3:a:rapid7:insight_agent:3.1.8
Rapid7 » Insight Agent » Version: 3.1.9

cpe:2.3:a:rapid7:insight_agent:3.1.9
Rapid7 » Insight Agent » Version: 3.2.0

cpe:2.3:a:rapid7:insight_agent:3.2.0
Rapid7 » Insight Agent » Version: 3.2.1

cpe:2.3:a:rapid7:insight_agent:3.2.1
Rapid7 » Insight Agent » Version: 3.2.2

cpe:2.3:a:rapid7:insight_agent:3.2.2
Rapid7 » Insight Agent » Version: 3.2.3

cpe:2.3:a:rapid7:insight_agent:3.2.3
Rapid7 » Insight Agent » Version: 3.2.4

cpe:2.3:a:rapid7:insight_agent:3.2.4
Rapid7 » Insight Agent » Version: 3.2.5

cpe:2.3:a:rapid7:insight_agent:3.2.5
Rapid7 » Insight Agent » Version: 3.2.6

cpe:2.3:a:rapid7:insight_agent:3.2.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-2273

Products

Pricing

Contact Us