CVE-2023-1304

21 Mar 2023 17:11:15 | Reported by rapid7 | Type: cve | web.nvd.nist.gov

An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions

Related entries:

| Reporter | Title | Published | Family |
|---|---|---|---|
| Cvelist | CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access | 21 Mar 2023 16:45 | cvelist |
| Prion | Code injection | 21 Mar 2023 17:15 | prion |
| NVD | CVE-2023-1304 | 21 Mar 2023 17:15 | nvd |
Affected configurations (Nvd):

rapid7 insightappsec, Range < 23.2.1, self-managed
OR
rapid7 insightcloudsec, Range < 2023.02.01, managed
OR
rapid7 insightcloudsec, Range < 2023.02.01, saas
[
  {
    "defaultStatus": "unaffected",
    "product": "InsightCloudSec",
    "vendor": "Rapid7",
    "versions": [
      {
        "lessThanOrEqual": "23.2.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
