CVE-2023-2273

MEDIUM

Rapid7 Insight Agent < 3.3.0 - Path Traversal and Arbitrary File Write via CLI Argument

Title source: llm

Description

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.

References (1)

Core 1

Core References

Release Notes

https://docs.rapid7.com/release-notes/insightagent/20230425/

Scores

CVSS v3 5.8

EPSS 0.0072

EPSS Percentile 49.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

rapid7/insight_agent < 3.3.0

Published Apr 26, 2023

Tracked Since Feb 18, 2026