CVE-2023-1305

HIGH Year: 2023
CVSS v3 Score
8.1
High
Weakness Type
CWE-653
View all →

Vulnerability Description

An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.

Related Vulnerabilities

CVE-2024-0135

HIGH
CVSS:7.6(High)

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to modification of a host binary. A successful exploit of this vulnerability ...

CWE-6532024

CVE-2024-0136

HIGH
CVSS:7.6(High)

NVIDIA Container Toolkit contains an improper isolation vulnerability where a specially crafted container image could lead to untrusted code obtaining read and write access to host devices. This vulne...

CWE-6532024

CVE-2024-47520

HIGH
CVSS:7.6(High)

A user with advanced report application access rights can perform actions for which they are not authorized

CWE-6532024

CVE-2024-20285

HIGH
CVSS:8.8(High)

A vulnerability in the Python interpreter of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlyi...

CWE-6532024

CVE-2025-4083

CRITICAL
CVSS:9.1(Critical)

A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended fr...

CWE-6532025

CVE-2024-30388

HIGH
CVSS:6.5(Medium)

An Improper Isolation or Compartmentalization vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series and EX Series allows an unauthenticated, adjacent attac...

CWE-6532024