| |
Vulnerability CVE-2023-1306
Published: 2023-03-21
| Description: |
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. |
References: |
https://nephosec.com/exploiting-rapid7s-insightcloudsec/
https://docs.divvycloud.com/changelog/23321-release-notes
|
|
|
Copyright 2023, cxsecurity.com
|
|
|
