An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: rapid7
Published: 2023-03-21T16:45:49.560Z
Updated: 2024-08-02T05:41:00.275Z
Reserved: 2023-03-09T22:23:14.145Z
Link: CVE-2023-1304
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-03-21T17:15:11.557
Modified: 2024-11-21T07:38:52.993
Link: CVE-2023-1304
Redhat
No data.