漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Rapid7 InsightCloudSec box object access
Vulnerability Description
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
CVSS Information
N/A
Vulnerability Type
不充分的划分
Vulnerability Title
InsightCloudSec 安全漏洞
Vulnerability Description
InsightCloudSec是InsightCloudSec公司的一个完全集成的云原生安全平台。 InsightCloudSec 23.3.21之前版本存在安全漏洞,该漏洞源于攻击者可以利用暴露的“box”对象从磁盘读取和写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A