Insightconnect Compression Plugin
Monthly
Path traversal in Rapid7 InsightConnect's Compression Plugin on Linux allows authenticated attackers with high privileges to write files to arbitrary paths on the underlying host via crafted archive filenames passed to the create_archive function. Impact is constrained to file corruption - the attacker can control write destination but not write content, preventing code execution via this vector alone. No public exploit code exists and no KEV listing is present; the low CVSS score of 3.3 reflects the high authentication bar and limited impact scope.
Path traversal in Rapid7 InsightConnect's Compression Plugin on Linux allows authenticated attackers with high privileges to write files to arbitrary paths on the underlying host via crafted archive filenames passed to the create_archive function. Impact is constrained to file corruption - the attacker can control write destination but not write content, preventing code execution via this vector alone. No public exploit code exists and no KEV listing is present; the low CVSS score of 3.3 reflects the high authentication bar and limited impact scope.