CVE-2023-2273: Insight Agent Release Notes

Rapid7 Insight Agent token handler versions 3.2.6 and below suffer from a directory traversal vulnerability: unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can allow an attacker to write arbitrary files. The issue is remediated in version 3.3.0 via safeguards that reject inputs that attempt path traversal.
