CVE-2023-2273

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:rapid7:insight_agent:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-26 09:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-2273

Mitre link : CVE-2023-2273

CVE.ORG link : CVE-2023-2273


JSON object : View

Products Affected

rapid7

  • insight_agent
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')