An authenticated attacker can leverage an exposed “box”...
High severity
Unreviewed
Published
Jul 6, 2023
to the GitHub Advisory Database
•
Updated Apr 11, 2024
Description
Published by the National Vulnerability Database
Mar 21, 2023
Published to the GitHub Advisory Database
Jul 6, 2023
Last updated
Apr 11, 2024
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
References