Vulnerability Description
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Rapid7 | Insightappsec | < 23.2.1 |
| Rapid7 | Insightcloudsec | < 2023.02.01 |
Related Weaknesses (CWE)
References
- https://docs.divvycloud.com/changelog/23321-release-notesRelease Notes
- https://nephosec.com/exploiting-rapid7s-insightcloudsec/ExploitThird Party Advisory
- https://docs.divvycloud.com/changelog/23321-release-notesRelease Notes
- https://nephosec.com/exploiting-rapid7s-insightcloudsec/ExploitThird Party Advisory
FAQ
What is CVE-2023-1306?
CVE-2023-1306 is a vulnerability with a CVSS score of 8.8 (HIGH). An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Ma...
How severe is CVE-2023-1306?
CVE-2023-1306 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-1306?
Check the references section above for vendor advisories and patch information. Affected products include: Rapid7 Insightappsec, Rapid7 Insightcloudsec.