{"vulnerability": "CVE-2023-30617", "sightings": [{"uuid": "99830c77-7037-4fa2-84e9-e97ab8d5e4bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/172118", "content": "https://ift.tt/Y540nqU\nCVE-2023-30617 | openkruise Kruise up to 1.3.0/1.4.0/1.5.1 kruise-daemon pod unnecessary privileges (GHSA-437m-7hj5-9mpw)", "creation_timestamp": "2024-01-23T16:56:40.000000Z"}, {"uuid": "0ffb5cc7-ce5d-4ebb-ab40-f40669908c93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/cibsecurity/74322", "content": "\u203c\ufe0fCVE-2023-30617\u203c\ufe0f\n\nKruise provides automated management of largescale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruisedaemon run can leverage the kruisedaemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets e.g. the kruisemanager service account token to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruisedaemonrole to drop the cluster level secret getlist privilege.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-04T01:36:04.000000Z"}, {"uuid": "c3f4a59f-e814-4b6e-a48e-dad0044535f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/arpsyndicate/2496", "content": "#ExploitObserverAlert\n\nCVE-2023-30617\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-30617. Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege.", "creation_timestamp": "2024-01-05T16:46:11.000000Z"}, {"uuid": "e87dfa89-8dbd-40c0-b563-d0480ead69c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30617", "type": "seen", "source": "https://t.me/ctinow/162473", "content": "https://ift.tt/n4mLBOq\nCVE-2023-30617", "creation_timestamp": "2024-01-03T17:26:50.000000Z"}]}