
4 matches found

Circl
added 2023/03/21 7:59 p.m. | 1 view

CVE-2023-1306

creationtimestamp | type | source
---|---|---
2023-03-21 19:59:30+00:00 | seen | https://t.me/cibsecurity/60397...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.00623
Exploits: 1 | References: 1
Cvelist
added 2023/03/21 4:53 p.m. | 15 views

CVE-2023-1306 Rapid7 InsightCloudSec resource.db() method access

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

AI score: 8.8 | EPSS: 0.00623
Exploits: 1 | References: 2
Vulnrichment
added 2023/03/21 4:53 p.m. | 6 views

CVE-2023-1306 Rapid7 InsightCloudSec resource.db() method access

An authenticated attacker can leverage an exposed resource.db accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version o...

AI score: 8.7 | EPSS: 0.00623
Exploits: 1 | References: 2
CVE
added 2023/03/21 4:53 p.m. | 43 views

CVE-2023-1306

CVE-2023-1306 affects Rapid7 InsightCloudSec. An authenticated attacker could abuse an exposed resource.db() accessor to smuggle Python methods via a Jinja template, enabling code execution. Mitigation: upgrade to InsightCloudSec 23.2.1 (Self-Managed) or apply the managed/SaaS patch released on 2...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.00623
Exploits: 1 | References: 2 | Affected Software: 2