OpenCVE

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rapid7	Insightappsec Insightcloudsec

Configuration 1 [-]

OR	cpe:2.3:a:rapid7:insightappsec:::::self-managed:::*
	cpe:2.3:a:rapid7:insightcloudsec:::::managed:::*
	cpe:2.3:a:rapid7:insightcloudsec:::::saas:::*

No data.

References

Link	Providers
https://docs.divvycloud.com/changelog/23321-release-notes
https://nephosec.com/exploiting-rapid7s-insightcloudsec/

History

No history.

MITRE

Status: PUBLISHED

Assigner: rapid7

Published: 2023-03-21T16:51:43.225Z

Updated: 2024-08-02T05:40:59.949Z

Reserved: 2023-03-09T22:23:15.209Z

Link: CVE-2023-1305

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-21T17:15:11.727

Modified: 2024-11-21T07:38:53.127

Link: CVE-2023-1305

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1305", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2023-03-09T22:23:15.209Z", "datePublished": "2023-03-21T16:51:43.225Z", "dateUpdated": "2024-08-02T05:40:59.949Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "InsightCloudSec", "vendor": "Rapid7", "versions": [{"lessThanOrEqual": "23.2.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mike Alfaro of Nephosec"}], "datePublic": "2023-03-21T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An authenticated attacker can leverage an exposed \u201cbox\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.<br><br>"}], "value": "An authenticated attacker can leverage an exposed \u201cbox\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-653", "description": "CWE-653: Improper Isolation or Compartmentalization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2023-03-21T16:51:43.225Z"}, "references": [{"tags": ["release-notes"], "url": "https://docs.divvycloud.com/changelog/23321-release-notes"}, {"tags": ["third-party-advisory"], "url": "https://nephosec.com/exploiting-rapid7s-insightcloudsec/"}], "source": {"discovery": "UNKNOWN"}, "title": "Rapid7 InsightCloudSec box object access ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:40:59.949Z"}, "title": "CVE Program Container", "references": [{"tags": ["release-notes", "x_transferred"], "url": "https://docs.divvycloud.com/changelog/23321-release-notes"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://nephosec.com/exploiting-rapid7s-insightcloudsec/"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rapid7:insightappsec:*:*:*:*:self-managed:*:*:*", "matchCriteriaId": "65FCB38E-8FDE-43D4-A62E-BBAD43FFBC97", "versionEndExcluding": "23.2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:managed:*:*:*", "matchCriteriaId": "2005649C-D913-4281-9E35-6E342C7E6D21", "versionEndExcluding": "2023.02.01", "vulnerable": true}, {"criteria": "cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:saas:*:*:*", "matchCriteriaId": "D88FD323-9DA9-497D-BC99-F30C66E33096", "versionEndExcluding": "2023.02.01", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An authenticated attacker can leverage an exposed \u201cbox\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\n\n"}], "id": "CVE-2023-1305", "lastModified": "2024-11-21T07:38:53.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-21T17:15:11.727", "references": [{"source": "cve@rapid7.com", "tags": ["Release Notes"], "url": "https://docs.divvycloud.com/changelog/23321-release-notes"}, {"source": "cve@rapid7.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://nephosec.com/exploiting-rapid7s-insightcloudsec/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://docs.divvycloud.com/changelog/23321-release-notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://nephosec.com/exploiting-rapid7s-insightcloudsec/"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-653"}], "source": "cve@rapid7.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}