Security Advisory

CVE-2023-1306

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-21 16:53:17

Last updated 2025-02-26 16:39:23

Assigner rapid7

State PUBLISHED

Description

An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.

← Browse all CVEs View on cve.org ↗