CVE-2023-1306

Name of the Vulnerable Software and Affected Versions InsightCloudSec versions prior to 23.2.1

Description An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023.

Recommendations For versions prior to 23.2.1, update to version 23.2.1 to resolve the issue. As a temporary workaround, consider restricting access to the resource.db() accessor method until a patch is available.