cvedb.io
CVE-2023-2273
MEDIUM · CVSS 5.8
EPSS exploitation probability: 0%
Published 2023-04-26T09:15:09.117 · Last modified 2026-06-17T05:52:09.643

Summary

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.

Affected products

rapid7 — insight_agent

Does this affect you?

Add your gear to cvedb and we'll alert you only when rapid7 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.