Insightconnect Tr Plugin
Monthly
OS command injection in Rapid7's InsightConnect Translate (TR) Plugin on Linux lets remote attackers run arbitrary shell commands by injecting into the 'text' or 'expression' parameters of the TR action, which are concatenated into a shell command without sanitization (CWE-78). All plugin versions before 2.0.3 are affected. There is no public exploit identified at time of analysis and EPSS is low (0.55%), but the flaw yields full system compromise per the vendor's own SSVC 'total' technical-impact rating.
OS command injection in Rapid7's InsightConnect Translate (TR) Plugin on Linux lets remote attackers run arbitrary shell commands by injecting into the 'text' or 'expression' parameters of the TR action, which are concatenated into a shell command without sanitization (CWE-78). All plugin versions before 2.0.3 are affected. There is no public exploit identified at time of analysis and EPSS is low (0.55%), but the flaw yields full system compromise per the vendor's own SSVC 'total' technical-impact rating.