Rapid7 Insightcloudsec
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Rapid7 Insightcloudsec.
By the Year
In 2026 there have been 0 vulnerabilities in Rapid7 Insightcloudsec. Insightcloudsec did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 3 | 8.57 |
It may take a day or so for new Insightcloudsec vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Rapid7 Insightcloudsec Security Vulnerabilities
Code Exec via Jinja Template in InsightCloudSec <= 23.2.1
CVE-2023-1306
8.8 - High
- March 21, 2023
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
Code Injection
InsightCloudSec Arbitrary File Read/Write via Box Obj (23.2.1)
CVE-2023-1305
8.1 - High
- March 21, 2023
An authenticated attacker can leverage an exposed box object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
InsightCloudSec Jinja getattr() Command Injection (<=23.2.1)
CVE-2023-1304
8.8 - High
- March 21, 2023
An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Rapid7 Insightcloudsec or by Rapid7? Click the Watch button to subscribe.
