An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
References
| Link | Resource |
|---|---|
| https://docs.divvycloud.com/changelog/23321-release-notes | Release Notes |
| https://nephosec.com/exploiting-rapid7s-insightcloudsec/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:03
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. |
28 Mar 2023, 16:44
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:managed:*:*:* cpe:2.3:a:rapid7:insightappsec:*:*:*:*:self-managed:*:*:* cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:saas:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| First Time |
Rapid7 insightappsec
Rapid7 insightcloudsec Rapid7 |
|
| References | (MISC) https://docs.divvycloud.com/changelog/23321-release-notes - Release Notes | |
| References | (MISC) https://nephosec.com/exploiting-rapid7s-insightcloudsec/ - Exploit, Third Party Advisory | |
| CWE | CWE-94 |
21 Mar 2023, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-21 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-1304
Mitre link : CVE-2023-1304
CVE.ORG link : CVE-2023-1304
JSON object : View
Products Affected
rapid7
- insightappsec
- insightcloudsec
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')