Insightconnect Rpm Plugin
Monthly
OS command injection in the Rapid7 InsightConnect RPM Plugin on Linux lets authenticated users run arbitrary operating-system commands by injecting shell metacharacters into the repo, key, or name parameters, which are concatenated into a shell command without sanitization (CWE-78). All versions before 1.0.2 are affected. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.73%, 50th percentile).
OS command injection in the Rapid7 InsightConnect RPM Plugin on Linux lets authenticated users run arbitrary operating-system commands by injecting shell metacharacters into the repo, key, or name parameters, which are concatenated into a shell command without sanitization (CWE-78). All versions before 1.0.2 are affected. There is no public exploit identified at time of analysis, and the EPSS probability is low (0.73%, 50th percentile).