Most recent sightings.

Most recent sightings. https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Mon, 04 May 2026 14:57:37 +0000 e87dfa89-8dbd-40c0-b563-d0480ead69c3 https://vulnerability.circl.lu/sighting/e87dfa89-8dbd-40c0-b563-d0480ead69c3/export {"uuid": "e87dfa89-8dbd-40c0-b563-d0480ead69c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/162473", "content": "https://ift.tt/n4mLBOq\nCVE-2023-30617", "creation_timestamp": "2024-01-03T17:26:50.000000Z"} {"uuid": "e87dfa89-8dbd-40c0-b563-d0480ead69c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/162473", "content": "https://ift.tt/n4mLBOq\nCVE-2023-30617", "creation_timestamp": "2024-01-03T17:26:50.000000Z"} https://vulnerability.circl.lu/sighting/e87dfa89-8dbd-40c0-b563-d0480ead69c3/export Wed, 03 Jan 2024 17:26:50 +0000 0ffb5cc7-ce5d-4ebb-ab40-f40669908c93 https://vulnerability.circl.lu/sighting/0ffb5cc7-ce5d-4ebb-ab40-f40669908c93/export {"uuid": "0ffb5cc7-ce5d-4ebb-ab40-f40669908c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/cibsecurity/74322", "content": "\u203c\ufe0fCVE-2023-30617\u203c\ufe0f\n\nKruise provides automated management of largescale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruisedaemon run can leverage the kruisedaemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets e.g. the kruisemanager service account token to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruisedaemonrole to drop the cluster level secret getlist privilege.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:36:04.000000Z"} {"uuid": "0ffb5cc7-ce5d-4ebb-ab40-f40669908c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/cibsecurity/74322", "content": "\u203c\ufe0fCVE-2023-30617\u203c\ufe0f\n\nKruise provides automated management of largescale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruisedaemon run can leverage the kruisedaemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets e.g. the kruisemanager service account token to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruisedaemonrole to drop the cluster level secret getlist privilege.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:36:04.000000Z"} https://vulnerability.circl.lu/sighting/0ffb5cc7-ce5d-4ebb-ab40-f40669908c93/export Thu, 04 Jan 2024 01:36:04 +0000 c3f4a59f-e814-4b6e-a48e-dad0044535f3 https://vulnerability.circl.lu/sighting/c3f4a59f-e814-4b6e-a48e-dad0044535f3/export {"uuid": "c3f4a59f-e814-4b6e-a48e-dad0044535f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/arpsyndicate/2496", "content": "#ExploitObserverAlert\n\nCVE-2023-30617\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-30617. Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.", "creation_timestamp": "2024-01-05T16:46:11.000000Z"} {"uuid": "c3f4a59f-e814-4b6e-a48e-dad0044535f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/arpsyndicate/2496", "content": "#ExploitObserverAlert\n\nCVE-2023-30617\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-30617. Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.", "creation_timestamp": "2024-01-05T16:46:11.000000Z"} https://vulnerability.circl.lu/sighting/c3f4a59f-e814-4b6e-a48e-dad0044535f3/export Fri, 05 Jan 2024 16:46:11 +0000 99830c77-7037-4fa2-84e9-e97ab8d5e4bb https://vulnerability.circl.lu/sighting/99830c77-7037-4fa2-84e9-e97ab8d5e4bb/export {"uuid": "99830c77-7037-4fa2-84e9-e97ab8d5e4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/172118", "content": "https://ift.tt/Y540nqU\nCVE-2023-30617 | openkruise Kruise up to 1.3.0/1.4.0/1.5.1 kruise-daemon pod unnecessary privileges (GHSA-437m-7hj5-9mpw)", "creation_timestamp": "2024-01-23T16:56:40.000000Z"} {"uuid": "99830c77-7037-4fa2-84e9-e97ab8d5e4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/172118", "content": "https://ift.tt/Y540nqU\nCVE-2023-30617 | openkruise Kruise up to 1.3.0/1.4.0/1.5.1 kruise-daemon pod unnecessary privileges (GHSA-437m-7hj5-9mpw)", "creation_timestamp": "2024-01-23T16:56:40.000000Z"} https://vulnerability.circl.lu/sighting/99830c77-7037-4fa2-84e9-e97ab8d5e4bb/export Tue, 23 Jan 2024 16:56:40 +0000