Auto-Update: 2023-04-26T10:00:24.075044+00:00

2025-07-09 16:05:11 +00:00 · 2023-04-26 12:00:27 +02:00 · 2023-04-26 12:00:27 +02:00 · 9efd05a2f9
commit 9efd05a2f9
parent 604c4dbfd3
2 changed files with 61 additions and 6 deletions
--- a/CVE-2023/CVE-2023-22xx/CVE-2023-2273.json
+++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2273.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-2273",
+  "sourceIdentifier": "cve@rapid7.con",
+  "published": "2023-04-26T09:15:09.117",
+  "lastModified": "2023-04-26T09:15:09.117",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@rapid7.con",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@rapid7.con",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://docs.rapid7.com/release-notes/insightagent/20230425/",
+      "source": "cve@rapid7.con"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD in 2 hour periods.
 ### Last repository update

 ```plain
-2023-04-26T08:00:09.444056+00:00
+2023-04-26T10:00:24.075044+00:00
 ```

 ### Most recent CVE modification timestamp synchronized with NVD

 ```plain
-2023-04-26T06:15:09.283000+00:00
+2023-04-26T09:15:09.117000+00:00
 ```

 ### Last Data Feed release
@ -23,20 +23,20 @@ Repository synchronizes with the NVD in 2 hour periods.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-datafeeds/releases/latest)

 ```plain
-2023-04-25T22:00:21.008144+00:00
+2023-04-26T08:04:06.457730+00:00
 ```

 ### Total numbers of included CVEs

-```plain
-213578
+```plai#n
+213579
 ```

 ### CVEs added in the last commit

 Recently added CVEs: `1`

-* CVE-2023-2294 (*2023-04-26T06:15:09.283*)
+* CVE-2023-2273 (*2023-04-26T09:15:09.117*)


 ### CVEs modified in the last commit