Vulnerabilities > Rapid7 > Insightappsec

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2023-1304 Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec
An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods.
network
low complexity
rapid7 CWE-94
8.8
2023-03-21 CVE-2023-1305 Unspecified vulnerability in Rapid7 Insightappsec and Insightcloudsec
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON.
network
low complexity
rapid7
8.1
2023-03-21 CVE-2023-1306 Code Injection vulnerability in Rapid7 Insightappsec and Insightcloudsec
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution.
network
low complexity
rapid7 CWE-94
8.8
2019-08-19 CVE-2019-5631 Untrusted Search Path vulnerability in Rapid7 Insightappsec
The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product.
local
low complexity
rapid7 CWE-426
7.8