3.3.0 (Apr 25, 2023)

Improved

  • Updated dependencies for the Insight Agent: We updated the Insight Agent's Python version to 3.11.1 and OpenSSL version to 1.1.1t to remediate vulnerabilities associated with older versions. In addition, we included a SHA3 library dependency necessary for determining agent versions using the command line.
  • Disk usage throttling for the Endpoint Broker: The Endpoint Broker component that's packaged with the Insight Agent is now aware of the disk space that it consumes while executing its scripts in the /temp folder. The size of this folder will now be limited to 2GB or 50% of the free space on the disk (whichever is smaller).

Fixed

  • Manually updating a Windows-edition Insight Agent with a command line operation run against a later release of the MSI installer now correctly retains the agent's original universally unique identifier (UUID). This fix ensures that manual agent updates like this won't produce duplicate agent instances in your Agent Management interface going forward.

Security Update

  • We fixed CVE-2023-2273, a Directory Traversal vulnerability affecting the Insight Agent. This vulnerability could have allowed an attacker to write arbitrary files using CLI arguments whose input was previously unsanitized. This fix ensures that inputs attempting to exploit Directory Traversal are rejected going forward. This issue affects all Insight Agent versions up to and including 3.2.6. Rapid7 recommends updating all affected Insight Agents to version 3.3.0 to address this issue.
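The fix described above rejects CLI inputs that would escape the intended directory. The page gives no detail of how the agent validates its arguments, so the following is an added, generic illustration of the defensive pattern rather than Rapid7's implementation: it resolves the caller-supplied path against an allowed base directory and refuses anything whose resolved form is not strictly inside that base. The base directory name is a placeholder.

```python
"""Reject directory-traversal in a caller-supplied output path.

Added example; not the Insight Agent's code. The base directory is a
hypothetical placeholder. The check compares fully resolved paths, so
'..' segments, absolute paths and symlinks that point outside the base
are all rejected by one comparison instead of by pattern matching.
"""
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a supplied path resolves outside the allowed base."""


def resolve_within(base_dir: str, user_path: str) -> Path:
    """Return the absolute target for `user_path` if it lies strictly inside
    `base_dir`; otherwise raise PathTraversalError.

    Both sides are resolved so that a symlinked base (for example a /tmp that
    is itself a link) is compared consistently with the candidate. A
    candidate equal to the base is rejected too: a file write needs a name
    inside the directory, not the directory itself.
    """
    base = Path(base_dir).resolve()
    # Joining an absolute user_path discards `base`; resolve() then exposes it.
    candidate = (base / user_path).resolve()
    if candidate == base or base not in candidate.parents:
        raise PathTraversalError(f"path {user_path!r} escapes {base_dir!r}")
    return candidate


def is_within(base_dir: str, user_path: str) -> bool:
    """Boolean form of resolve_within for callers that only need a verdict."""
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathTraversalError:
        return False


def write_text_safely(base_dir: str, user_path: str, content: str) -> Path:
    """Write `content` to the validated location and return where it went."""
    target = resolve_within(base_dir, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(content)
    return target


if __name__ == "__main__":
    # Constructed demo: one accepted relative path, one rejected '..' path.
    with tempfile.TemporaryDirectory() as scratch:
        print(write_text_safely(scratch, "reports/out.txt", "ok"))
        for arg in ("reports/out.txt", "../../outside.txt", "/etc/hosts"):
            print(f"{arg!r}: {'allowed' if is_within(scratch, arg) else 'rejected'}")
```

Validating the resolved path, rather than searching the raw argument for `..`, is what makes the check robust to encodings and symlink tricks; a detection rule on the host side can likewise flag agent CLI invocations whose path arguments resolve outside the expected working folder.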

Other Changes

  • We removed an obsolete Digital DNA library from the Windows edition of the Insight Agent.