Lucene search
+L
Rapid7Insightappsec

4 matches found

CVE
CVE
added 2019/08/19 2:32 p.m.59 views

CVE-2019-5631

The CVE-2019-5631 issue affects Rapid7 InsightAppSec broker, specifically the prunsrv.exe component, with a DLL injection vulnerability that allows a local authenticated user to escalate privileges to the InsightAppSec/SYSTEM level. Affected version: 2019.06.24 and earlier. The vulnerability is d...

9.3CVSS7.5AI score0.0106EPSS
CVE
CVE
added 2023/03/21 4:51 p.m.56 views

CVE-2023-1305

CVE-2023-1305 affects Rapid7 InsightCloudSec where an authenticated attacker could leverage an exposed “box” object to read and write arbitrary files on disk as long as they are parsable as YAML/JSON. The issue has been mitigated in the Managed and SaaS deployments as of February 1, 2023 and in t...

8.1CVSS8AI score0.00777EPSS
CVE
CVE
added 2023/03/21 4:53 p.m.53 views

CVE-2023-1306

CVE-2023-1306 affects Rapid7 InsightCloudSec. An authenticated attacker could abuse an exposed resource.db() accessor to smuggle Python methods via a Jinja template, enabling code execution. Mitigation: upgrade to InsightCloudSec 23.2.1 (Self-Managed) or apply the managed/SaaS patch released on 2...

8.8CVSS8.7AI score0.01208EPSS
CVE
CVE
added 2023/03/21 4:45 p.m.51 views

CVE-2023-1304

CVE-2023-1304 affects InsightCloudSec. An authenticated attacker can use an exposed getattr() via a Jinja template to smuggle OS commands and invoke actions normally restricted to private methods. Affected are InsightCloudSec versions prior to the fixes; the issue was resolved in Managed and SaaS...

8.8CVSS8.6AI score0.01079EPSS