Lucene search
K

4 matches found

Circl
Circl
added 2023/03/21 7:34 p.m.5 views

CVE-2023-1304

creationtimestamp| type| source ---|---|--- 2023-03-21 19:34:55+00:00| seen| https://t.me/cibsecurity/60388 2025-02-25 19:23:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5363...

8.8CVSS8.1AI score0.01079EPSS
Exploits1References2
CVE
CVE
added 2023/03/21 4:45 p.m.48 views

CVE-2023-1304

CVE-2023-1304 affects InsightCloudSec. An authenticated attacker can use an exposed getattr() via a Jinja template to smuggle OS commands and invoke actions normally restricted to private methods. Affected are InsightCloudSec versions prior to the fixes; the issue was resolved in Managed and SaaS...

8.8CVSS8.6AI score0.01079EPSS
Exploits1References2Affected Software2
Cvelist
Cvelist
added 2023/03/21 4:45 p.m.18 views

CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

8.8AI score0.01079EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/03/21 4:45 p.m.9 views

CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access

An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...

8.6AI score0.01079EPSS
Exploits1References2
Rows per page
Query Builder