CVE-2023-2226 – Velociraptor crashes while parsing some malformed PE or OLE files.
https://notcve.org/view.php?id=CVE-2023-2226
Insufficient validation in the PE and OLE parsers of Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor collects an artifact that parses PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts. • https://github.com/Velocidex/velociraptor • CWE-125: Out-of-bounds Read •
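As an added illustration of the CWE-125 class behind this advisory (not Velociraptor's own parser code), the Go program below reads only the two PE header fields it needs and shows why a Go service dies on malformed input: an unchecked offset taken from the file makes a slice expression panic, and an unrecovered panic in a long-running collector is a crash. The hardened function checks every file-derived offset against the buffer length, and a recover wrapper shows how a collector can turn a residual parser panic into a per-file error instead of a service restart. Both sample files are constructed inline; the offsets used are the standard DOS/COFF layout (e_lfanew at 0x3C, the "PE\0\0" signature, NumberOfSections six bytes into the PE header).

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrMalformed = errors.New("malformed PE header")

// wellFormedPE is a constructed minimal image: DOS header with e_lfanew = 0x40,
// "PE\0\0" signature and a COFF file header with NumberOfSections = 3.
func wellFormedPE() []byte {
	buf := make([]byte, 0x40+24)
	copy(buf, "MZ")
	binary.LittleEndian.PutUint32(buf[0x3C:], 0x40)   // e_lfanew
	copy(buf[0x40:], "PE\x00\x00")                    // PE signature
	binary.LittleEndian.PutUint16(buf[0x44:], 0x8664) // Machine: x86-64
	binary.LittleEndian.PutUint16(buf[0x46:], 3)      // NumberOfSections
	return buf
}

// malformedPE is a constructed file whose e_lfanew points far past EOF.
func malformedPE() []byte {
	buf := make([]byte, 0x40)
	copy(buf, "MZ")
	binary.LittleEndian.PutUint32(buf[0x3C:], 0x7FFFFFF0)
	return buf
}

// naiveSectionCount trusts e_lfanew. Go bounds-checks the slice expression,
// so an out-of-range offset does not read memory out of bounds; it panics,
// and an unrecovered panic in a service process is a crash.
func naiveSectionCount(data []byte) int {
	lfanew := binary.LittleEndian.Uint32(data[0x3C:])
	hdr := data[lfanew:] // panics on malformedPE
	return int(binary.LittleEndian.Uint16(hdr[6:]))
}

// safeSectionCount validates every file-derived offset before using it and
// reports malformed input as an error instead of a panic.
func safeSectionCount(data []byte) (int, error) {
	if len(data) < 0x40 || string(data[:2]) != "MZ" {
		return 0, fmt.Errorf("%w: missing DOS header", ErrMalformed)
	}
	lfanew := binary.LittleEndian.Uint32(data[0x3C:])
	// Compare in uint64 so a huge e_lfanew cannot wrap the addition.
	if uint64(lfanew)+24 > uint64(len(data)) {
		return 0, fmt.Errorf("%w: e_lfanew 0x%x beyond file size %d", ErrMalformed, lfanew, len(data))
	}
	hdr := data[lfanew : lfanew+24]
	if string(hdr[:4]) != "PE\x00\x00" {
		return 0, fmt.Errorf("%w: bad PE signature", ErrMalformed)
	}
	return int(binary.LittleEndian.Uint16(hdr[6:8])), nil
}

// parseWithRecover contains a parser panic to the file being parsed: the
// collector records an error for that artifact and keeps running.
func parseWithRecover(data []byte) (n int, err error) {
	defer func() {
		if r := recover(); r != nil {
			n, err = 0, fmt.Errorf("parser panic recovered: %v", r)
		}
	}()
	return naiveSectionCount(data), nil
}

func main() {
	for _, f := range []struct {
		name string
		data []byte
	}{{"well-formed", wellFormedPE()}, {"malformed", malformedPE()}} {
		n, err := safeSectionCount(f.data)
		fmt.Printf("safe  %-11s sections=%d err=%v\n", f.name, n, err)
		n, err = parseWithRecover(f.data)
		fmt.Printf("naive %-11s sections=%d err=%v\n", f.name, n, err)
	}
}
```

The recover wrapper is a containment measure, not a substitute for the bounds checks: a panic still aborts the parse of that file, and any partial state the parser built is lost.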
CVE-2023-1699 – Rapid7 Nexpose Forced Browsing
https://notcve.org/view.php?id=CVE-2023-1699
Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. An attacker can request the URLs of administrative pages directly and access them without passing through the intended authorization checks. This vulnerability is fixed in version 6.6.187. • https://docs.rapid7.com/release-notes/nexpose/20230329 • CWE-425: Direct Request ('Forced Browsing') •
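The CWE-425 pattern, as an added Go example rather than anything from Nexpose: the vulnerable router relies on the admin link being hidden from non-admins, while the hardened router wraps the whole /admin/ subtree in authorization middleware so a directly typed URL is rejected. The roleOf helper, which takes the role straight from a "session" cookie, is a hypothetical stand-in for a server-side session lookup and is obviously not how a real application should decide roles.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// roleOf is a hypothetical stand-in for session lookup: the "session" cookie
// carries the role directly. A real application resolves the cookie to a
// server-side session record.
func roleOf(r *http.Request) string {
	c, err := r.Cookie("session")
	if err != nil {
		return ""
	}
	return c.Value
}

func adminPage(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, "admin console")
}

// homePage only shows the admin link to admins. Hiding the link is a UI
// decision, not an access control.
func homePage(w http.ResponseWriter, r *http.Request) {
	if roleOf(r) == "admin" {
		fmt.Fprint(w, `home <a href="/admin/">Admin</a>`)
		return
	}
	fmt.Fprint(w, "home")
}

// vulnerableMux: the admin handler has no check of its own, so anyone who
// types /admin/... into the address bar gets the page.
func vulnerableMux() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/", homePage)
	mux.HandleFunc("/admin/", adminPage)
	return mux
}

// requireRole is middleware that enforces authorization for every request
// routed beneath it, whatever URL the client guessed.
func requireRole(role string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if roleOf(r) != role {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// hardenedMux wraps the whole /admin/ subtree so new admin pages are
// protected by default rather than each remembering its own check.
func hardenedMux() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/", homePage)
	mux.Handle("/admin/", requireRole("admin", http.HandlerFunc(adminPage)))
	return mux
}

// probe issues a direct request for path as the given role and returns the
// HTTP status; role "" means no session cookie at all.
func probe(h http.Handler, path, role string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if role != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: role})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	for _, path := range []string{"/admin/", "/admin/users/export"} {
		for _, role := range []string{"", "user", "admin"} {
			fmt.Printf("%-20s role=%-7q vulnerable=%d hardened=%d\n",
				path, role, probe(vulnerableMux(), path, role), probe(hardenedMux(), path, role))
		}
	}
}
```

Registering the check on the path prefix rather than inside each handler is the point: a page added later under /admin/ cannot be forgotten.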
CVE-2021-3844 – Rapid7 InsightVM Insufficient Session Expiration
https://notcve.org/view.php?id=CVE-2021-3844
Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security-relevant edit on an existing, logged-on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638. • https://docs.rapid7.com/insightvm/enable-insightvm-platform-login https://www.cve.org/cverecord?id=CVE-2019-5638 • CWE-613: Insufficient Session Expiration •
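As an added example (not InsightVM's code), the Go program below models the situation the advisory describes with an in-memory session store: an attacker logs in with a leaked password, an administrator rotates it, and the question is whether the attacker's session survives. The vulnerable reset only swaps the hash; the fixed reset also drops the user's live sessions and bumps a credential version that every authorization check compares against, so a session issued under an old credential is rejected even if a deletion has not propagated. All names are hypothetical, and plain SHA-256 stands in for a proper slow password hash to keep the example short.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
)

type user struct {
	passHash    [32]byte
	credVersion uint64 // incremented on every security-relevant edit
}

type session struct {
	userName    string
	credVersion uint64 // the user's credVersion when the session was issued
}

type server struct {
	mu       sync.Mutex
	users    map[string]*user
	sessions map[string]*session
}

func newServer() *server {
	return &server{users: map[string]*user{}, sessions: map[string]*session{}}
}

// hashPassword is plain SHA-256 to keep the example short; use a slow
// password hash (argon2id, bcrypt, scrypt) in real code.
func hashPassword(pw string) [32]byte { return sha256.Sum256([]byte(pw)) }

func (s *server) addUser(name, pw string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.users[name] = &user{passHash: hashPassword(pw)}
}

// login verifies the password and issues a random session ID bound to the
// user's current credential version.
func (s *server) login(name, pw string) (string, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	u, ok := s.users[name]
	h := hashPassword(pw)
	if !ok || subtle.ConstantTimeCompare(h[:], u.passHash[:]) != 1 {
		return "", errors.New("invalid credentials")
	}
	var raw [16]byte
	if _, err := rand.Read(raw[:]); err != nil {
		return "", err
	}
	id := hex.EncodeToString(raw[:])
	s.sessions[id] = &session{userName: name, credVersion: u.credVersion}
	return id, nil
}

// vulnerableAdminSetPassword is the CWE-613 behaviour the advisory describes:
// the hash changes, every existing session for the user stays valid.
func (s *server) vulnerableAdminSetPassword(name, newPw string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.users[name].passHash = hashPassword(newPw)
}

// adminSetPassword is the fix: bump the credential version and drop live
// sessions, so whoever holds a session from the old credential is logged out.
func (s *server) adminSetPassword(name, newPw string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	u := s.users[name]
	u.passHash = hashPassword(newPw)
	u.credVersion++
	for id, sess := range s.sessions {
		if sess.userName == name {
			delete(s.sessions, id)
		}
	}
}

// authorized is what every request handler calls. Checking the credential
// version as well as session existence also covers stores where a deleted
// session is not immediately invisible to every node.
func (s *server) authorized(id string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[id]
	if !ok {
		return false
	}
	u, ok := s.users[sess.userName]
	return ok && u.credVersion == sess.credVersion
}

func main() {
	s := newServer()
	s.addUser("alice", "leaked-pw")
	attacker, _ := s.login("alice", "leaked-pw") // attacker uses the leaked credential
	s.vulnerableAdminSetPassword("alice", "rotated-1")
	fmt.Println("after vulnerable reset, attacker session valid:", s.authorized(attacker))
	s.adminSetPassword("alice", "rotated-2")
	fmt.Println("after fixed reset, attacker session valid:", s.authorized(attacker))
}
```

The same version bump should accompany any other security-relevant edit the administrator makes (role change, MFA reset, account disable), not just a password change.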
CVE-2023-1306 – Rapid7 InsightCloudSec resource.db() method access
https://notcve.org/view.php?id=CVE-2023-1306
An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. • https://docs.divvycloud.com/changelog/23321-release-notes https://nephosec.com/exploiting-rapid7s-insightcloudsec • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-1305 – Rapid7 InsightCloudSec box object access
https://notcve.org/view.php?id=CVE-2023-1305
An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files on disk, provided those files can be parsed as YAML or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. • https://docs.divvycloud.com/changelog/23321-release-notes https://nephosec.com/exploiting-rapid7s-insightcloudsec • CWE-653: Improper Isolation or Compartmentalization •
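The two InsightCloudSec entries above (CVE-2023-1306 and CVE-2023-1305) describe one pattern: an object with broad capabilities is reachable from a template that an authenticated user writes, so the template author can call its methods. The Go program below is an added illustration of that class, not InsightCloudSec's Python/Jinja code; it uses Go's text/template, where the mechanism is the same: every exported method on any value placed in the template data is callable from the template. Box, its Root field and its ReadFile/WriteFile methods are hypothetical, and the files are created in a throwaway temporary directory.

```go
package main

import (
	"bytes"
	"fmt"
	"os"
	"path/filepath"
	"text/template"
)

// Box is a hypothetical helper with broad powers, standing in for the kind of
// object the advisories describe reaching a template.
type Box struct{ Root string }

func (b Box) ReadFile(name string) (string, error) {
	data, err := os.ReadFile(filepath.Join(b.Root, name))
	return string(data), err
}

func (b Box) WriteFile(name, content string) (string, error) {
	return "", os.WriteFile(filepath.Join(b.Root, name), []byte(content), 0o600)
}

// vulnerableRender puts the Box itself into the template data. text/template
// resolves .box.ReadFile to a method call, so the template author gets file
// access the templating feature never intended to grant.
func vulnerableRender(tmpl string, box Box, resource map[string]string) (string, error) {
	t, err := template.New("vulnerable").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]any{"box": box, "resource": resource})
	return out.String(), err
}

// hardenedRender exposes only plain data: a map of strings has no methods to
// call, and missingkey=error makes a reference to anything else fail loudly.
func hardenedRender(tmpl string, resource map[string]string) (string, error) {
	t, err := template.New("hardened").Option("missingkey=error").Parse(tmpl)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]any{"resource": resource})
	return out.String(), err
}

// demo runs the same attacker-controlled templates against both renderers in
// a temporary directory and reports what happened.
func demo() (leaked string, written bool, hardenedErr error, err error) {
	dir, err := os.MkdirTemp("", "box-demo")
	if err != nil {
		return
	}
	defer os.RemoveAll(dir)
	if err = os.WriteFile(filepath.Join(dir, "secret.txt"), []byte("s3cr3t"), 0o600); err != nil {
		return
	}
	box := Box{Root: dir}
	resource := map[string]string{"name": "prod-bucket"} // constructed sample data

	// Read a file the template was never meant to see ...
	leaked, err = vulnerableRender(`{{ .box.ReadFile "secret.txt" }}`, box, resource)
	if err != nil {
		return
	}
	// ... and write one.
	if _, err = vulnerableRender(`{{ .box.WriteFile "dropped.txt" "owned" }}`, box, resource); err != nil {
		return
	}
	_, statErr := os.Stat(filepath.Join(dir, "dropped.txt"))
	written = statErr == nil

	// The same template against the hardened renderer fails at .box.
	_, hardenedErr = hardenedRender(`{{ .box.ReadFile "secret.txt" }}`, resource)
	return
}

func main() {
	leaked, written, hardenedErr, err := demo()
	fmt.Printf("leaked=%q written=%v hardenedErr=%v err=%v\n", leaked, written, hardenedErr, err)
}
```

The fix is a data-shape decision rather than a filter on template text: hand the template a view containing only the fields it should render, and keep any object that can touch the filesystem, a database, or the interpreter out of the context entirely.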