CVE-2023-1305 (GCVE-0-2023-1305)
Vulnerability from cvelistv5 – Published: 2023-03-21 16:51 – Updated: 2025-02-26 16:41
VLAI?
Summary
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
Severity ?
8.1 (High)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Rapid7 | InsightCloudSec |
Affected:
0 , ≤ 23.2.0
(semver)
|
Credits
Mike Alfaro of Nephosec
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.949Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"release-notes",
"x_transferred"
],
"url": "https://docs.divvycloud.com/changelog/23321-release-notes"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://nephosec.com/exploiting-rapid7s-insightcloudsec/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-1305",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:40:25.217567Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:41:01.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "InsightCloudSec",
"vendor": "Rapid7",
"versions": [
{
"lessThanOrEqual": "23.2.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mike Alfaro of Nephosec"
}
],
"datePublic": "2023-03-21T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authenticated attacker can leverage an exposed \u201cbox\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An authenticated attacker can leverage an exposed \u201cbox\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653: Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T16:51:43.225Z",
"orgId": "9974b330-7714-4307-a722-5648477acda7",
"shortName": "rapid7"
},
"references": [
{
"tags": [
"release-notes"
],
"url": "https://docs.divvycloud.com/changelog/23321-release-notes"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://nephosec.com/exploiting-rapid7s-insightcloudsec/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Rapid7 InsightCloudSec box object access ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
"assignerShortName": "rapid7",
"cveId": "CVE-2023-1305",
"datePublished": "2023-03-21T16:51:43.225Z",
"dateReserved": "2023-03-09T22:23:15.209Z",
"dateUpdated": "2025-02-26T16:41:01.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rapid7:insightappsec:*:*:*:*:self-managed:*:*:*\", \"versionEndExcluding\": \"23.2.1\", \"matchCriteriaId\": \"65FCB38E-8FDE-43D4-A62E-BBAD43FFBC97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:managed:*:*:*\", \"versionEndExcluding\": \"2023.02.01\", \"matchCriteriaId\": \"2005649C-D913-4281-9E35-6E342C7E6D21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:saas:*:*:*\", \"versionEndExcluding\": \"2023.02.01\", \"matchCriteriaId\": \"D88FD323-9DA9-497D-BC99-F30C66E33096\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An authenticated attacker can leverage an exposed \\u201cbox\\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\\n\\n\"}]",
"id": "CVE-2023-1305",
"lastModified": "2024-11-21T07:38:53.127",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}]}",
"published": "2023-03-21T17:15:11.727",
"references": "[{\"url\": \"https://docs.divvycloud.com/changelog/23321-release-notes\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://nephosec.com/exploiting-rapid7s-insightcloudsec/\", \"source\": \"cve@rapid7.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://docs.divvycloud.com/changelog/23321-release-notes\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://nephosec.com/exploiting-rapid7s-insightcloudsec/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@rapid7.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"cve@rapid7.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-653\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-1305\",\"sourceIdentifier\":\"cve@rapid7.com\",\"published\":\"2023-03-21T17:15:11.727\",\"lastModified\":\"2025-02-26T17:15:15.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An authenticated attacker can leverage an exposed \u201cbox\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"cve@rapid7.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-653\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rapid7:insightappsec:*:*:*:*:self-managed:*:*:*\",\"versionEndExcluding\":\"23.2.1\",\"matchCriteriaId\":\"65FCB38E-8FDE-43D4-A62E-BBAD43FFBC97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:managed:*:*:*\",\"versionEndExcluding\":\"2023.02.01\",\"matchCriteriaId\":\"2005649C-D913-4281-9E35-6E342C7E6D21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rapid7:insightcloudsec:*:*:*:*:saas:*:*:*\",\"versionEndExcluding\":\"2023.02.01\",\"matchCriteriaId\":\"D88FD323-9DA9-497D-BC99-F30C66E33096\"}]}]}],\"references\":[{\"url\":\"https://docs.divvycloud.com/changelog/23321-release-notes\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nephosec.com/exploiting-rapid7s-insightcloudsec/\",\"source\":\"cve@rapid7.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://docs.divvycloud.com/changelog/23321-release-notes\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://nephosec.com/exploiting-rapid7s-insightcloudsec/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"InsightCloudSec\", \"vendor\": \"Rapid7\", \"versions\": [{\"lessThanOrEqual\": \"23.2.0\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Mike Alfaro of Nephosec\"}], \"datePublic\": \"2023-03-21T16:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"An authenticated attacker can leverage an exposed \\u201cbox\\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\u003cbr\u003e\u003cbr\u003e\"}], \"value\": \"An authenticated attacker can leverage an exposed \\u201cbox\\u201d object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.\\n\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-653\", \"description\": \"CWE-653: Improper Isolation or Compartmentalization\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"9974b330-7714-4307-a722-5648477acda7\", \"shortName\": \"rapid7\", \"dateUpdated\": \"2023-03-21T16:51:43.225Z\"}, \"references\": [{\"tags\": [\"release-notes\"], \"url\": \"https://docs.divvycloud.com/changelog/23321-release-notes\"}, {\"tags\": [\"third-party-advisory\"], \"url\": \"https://nephosec.com/exploiting-rapid7s-insightcloudsec/\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Rapid7 InsightCloudSec box object access \", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:40:59.949Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"release-notes\", \"x_transferred\"], \"url\": \"https://docs.divvycloud.com/changelog/23321-release-notes\"}, {\"tags\": [\"third-party-advisory\", \"x_transferred\"], \"url\": \"https://nephosec.com/exploiting-rapid7s-insightcloudsec/\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-1305\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T16:40:25.217567Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-26T16:40:51.603Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2023-1305\", \"assignerOrgId\": \"9974b330-7714-4307-a722-5648477acda7\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"rapid7\", \"dateReserved\": \"2023-03-09T22:23:15.209Z\", \"datePublished\": \"2023-03-21T16:51:43.225Z\", \"dateUpdated\": \"2025-02-26T16:41:01.279Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…