Rapid7 InsightCloudSec getattr() method access
CVE-2023-1304

8.8 HIGH

Key Information:

Vendor: Rapid7
CVE Published: 21 March 2023

Badges

👾 Exploit Exists

What is CVE-2023-1304?

An authenticated attacker can exploit a vulnerable getattr() method exposed through Jinja templates within Rapid7's InsightCloudSec. Exploitation allows the attacker to smuggle operating system commands and to access functionality that is normally private. The issue was addressed in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 for the Self-Managed variant of InsightCloudSec.

Affected Version(s)

InsightCloudSec 0 <= 23.2.0

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

Mike Alfaro of Nephosec.