CVE-2023-2273 Rapid7 Insight Agent Directory Traversal

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

CVE-2023-2273 Rapid7 Insight Agent Directory Traversal

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write...

CVE-2023-2273

CVE-2023-2273 affects Rapid7 Insight Agent (token handler) versions ≤ 3.2.6. The issue is a Directory Traversal where an unsanitized CLI argument flows into io.ioutil.WriteFile and is used as a path, enabling an attacker to write arbitrary files. Remediation: upgrade to version 3.3.0, which adds ...

Rapid7 Insight Agent 路径遍历漏洞

Rapid7 Insight Agent is a lightweight software from Rapid7 USA. The software is capable of collecting data from IT assets. A security vulnerability exists in Rapid7 Insight Agent version 3.2.6 and earlier versions. An attacker exploiting this vulnerability can write to arbitrary files...

PT-2023-18671 · Rapid7 · Rapid7 Insight Agent

Name of the Vulnerable Software and Affected Versions: Rapid7 Insight Agent versions 3.2.6 and below Description: The issue is related to a Directory Traversal vulnerability. Unsantized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path, potentially allowing an...

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language model LLM that's...

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape. Powering the cybersecurity suite is Sec-PaLM, a specialized large language model LLM that's...

Fedora 37 : insight (2023-b4d1469b54)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b4d1469b54 advisory. Disable stringop-overflow warnings. Patch bfd-CVE-2023-1972 fixes a security issue in bfd library. Tenable has extracted the preceding description...

Fedora 38 : insight (2023-8a6a30c142)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-8a6a30c142 advisory. Disable stringop-overflow warnings. Patch bfd-CVE-2023-1972 fixes a security issue in bfd library. Tenable has extracted the preceding description...

Fedora 36 : insight (2023-5d51a42413)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5d51a42413 advisory. Disable stringop-overflow warnings. Patch bfd-CVE-2023-1972 fixes a security issue in bfd library. Tenable has extracted the preceding description...

Fedora: Security Advisory for insight (FEDORA-2023-5d51a42413)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: insight-13.0.50.20220502-9.fc36

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

Fedora: Security Advisory for insight (FEDORA-2023-b4d1469b54)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for insight (FEDORA-2023-8a6a30c142)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: insight-13.0.50.20220502-9.fc38

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

[SECURITY] Fedora 37 Update: insight-13.0.50.20220502-9.fc37

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

What’s New in InsightIDR: Q1 2023 in Review

InsightIDR received a number of exciting updates in Q1 2023, including faster search, a redesigned UI, updated investigations, support for Insight Network Sensor, Enhanced Endpoint Telemetry, and more. In our effort to empower practitioners to feel confident in their detection and response...

Mageia: Security Advisory (MGASA-2023-0093)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-1304

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

Security Bulletin: InfoSphere Identity Insight vulnerable to server-side request forgery due to Apache CXF (CVE-2022-46364)

Summary InfoSphere Identity Insight includes IBM WebSphere Application Server Liberty, which has a vulnerability in the Apache CXF library when jaxws-2.2 feature is enabled. This has been addressed. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...