Description

Arbitrary File Read vulnerability in Rapid7 InsightConnect Sed Plugin on Linux allows authenticated attackers to read arbitrary files via the expression parameter due to insufficient input validation.

Severity (CVSS)

Base score6.5
SeverityMedium
VersionCVSS 3.1
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Provided byCNA

Weaknesses

  • CWE-22 — CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Affected products

VendorProductVersions
Rapid7InsightConnect Sed Plugin0 to <2.0.5; 2.0.5

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 25 Jun 2026 10:14 UTC.