4 matches found
CVE-2023-1304
creationtimestamp| type| source ---|---|--- 2023-03-21 19:34:55+00:00| seen| https://t.me/cibsecurity/60388 2025-02-25 19:23:56+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/5363...
CVE-2023-1304
CVE-2023-1304 affects InsightCloudSec. An authenticated attacker can use an exposed getattr() via a Jinja template to smuggle OS commands and invoke actions normally restricted to private methods. Affected are InsightCloudSec versions prior to the fixes; the issue was resolved in Managed and SaaS...
CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...
CVE-2023-1304 Rapid7 InsightCloudSec getattr() method access
An authenticated attacker can leverage an exposed getattr method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the...