← Zuruck zu CVEs
CVE-2023-2273
MEDIUM5.8
Beschreibung
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.
CVE Details
CVSS v3.1 Bewertung5.8
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/26/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
rapid7:insight_agent
Schwachen (CWE)
CWE-22CWE-22
Referenzen
https://docs.rapid7.com/release-notes/insightagent/20230425/(cve@rapid7.com)
https://docs.rapid7.com/release-notes/insightagent/20230425/(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.