An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions
Reporter | Title | Published | Views | Family All 3 |
---|---|---|---|---|
![]() | CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access | 21 Mar 202316:45 | – | cvelist |
![]() | Code injection | 21 Mar 202317:15 | – | prion |
![]() | CVE-2023-1304 | 21 Mar 202317:15 | – | nvd |
[
{
"defaultStatus": "unaffected",
"product": "InsightCloudSec",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "23.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo