CVE-2021-4016

MEDIUM

Rapid7 Insight Agent <3.1.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3.

References (1)

Core 1
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://docs.rapid7.com/release-notes/insightagent/20220119/

Scores

CVSS v3 4.0
EPSS 0.0022
EPSS Percentile 12.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-284
Status published
Products (1)
rapid7/insight_agent < 3.1.3
Published Jan 21, 2022
Tracked Since Feb 18, 2026