An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HRapid7 Insightappsec
APPRapid7< 23.2.1Rapid7 Insightcloudsec
APPRapid7< 2023.02.01
Related vulnerabilities
An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands...
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, pr...
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of t...
OS Command Injection vulnerability in the process_string action of Rapid7 InsightConnect AWK Plugin on Linux a...
OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows rem...