CVE-2021-4016: Rapid7 Insight Agent Improper Access Control
First published: Fri Jan 21 2022(Updated: )
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.
Credit: cve@rapid7.con
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rapid7 Insight Agent | <3.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-4016?
CVE-2021-4016 is an improper access control vulnerability in Rapid7 Insight Agent versions prior to 3.1.3.
How does CVE-2021-4016 affect Rapid7 Insight Agent?
CVE-2021-4016 allows an attacker to access, read, and copy files in the snapshot directory of Rapid7 Insight Agent.
What is the severity of CVE-2021-4016?
CVE-2021-4016 has a severity rating of medium with a score of 3.3.
How can an attacker exploit CVE-2021-4016?
An attacker can exploit CVE-2021-4016 by gaining access to the snapshot directory and copying sensitive files like asset_info.json or file_info.json.
How can I fix CVE-2021-4016?
To fix CVE-2021-4016, upgrade Rapid7 Insight Agent to version 3.1.3 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/title
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/rapid7
- canonical/rapid7 insight agent