CVE-2023-1304 (insightappsec, insightcloudsec) | allinfosecnews.com

March 21, 2023, 5:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.

actions cve exposed february insightappsec insightcloudsec issue managed private saas template version

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months ago | web.nvd.nist.gov

attackers cve denial of service issue +1

CVE-2023-40101 (android) 6 months ago | web.nvd.nist.gov

android check collapse cve +7

CVE-2023-21377 (android) 6 months ago | web.nvd.nist.gov

android bypass cve disclosure +8

CVE-2023-21380 (android) 6 months ago | web.nvd.nist.gov

android bluetooth buffer buffer overflow +9

CVE-2023-21382 (android) 6 months ago | web.nvd.nist.gov

access android check cve +11

CVE-2023-21381 (android) 6 months ago | web.nvd.nist.gov

android arbitrary code code code execution +10

CVE-2023-21385 (android) 6 months ago | web.nvd.nist.gov

android corruption cve disclosure +7

CVE-2023-21387 (android) 6 months ago | web.nvd.nist.gov

android backup bypass cve +11

CVE-2023-21389 (android) 6 months ago | web.nvd.nist.gov

android bypass check cve +10

Director, Cyber Risk

@ Kroll | South Africa

View on infosec-jobs.com

Security Engineer, XRM

@ Meta | New York City

View on infosec-jobs.com

Security Analyst 3

@ Oracle | Romania

View on infosec-jobs.com

Internship - Cyber Security Operations

@ SES | Betzdorf, LU

View on infosec-jobs.com

Principal Product Manager (Network/Security Management) - NetSec

@ Palo Alto Networks | Bengaluru, India

View on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany

View on infosec-jobs.com