{"vulnerability": "cve-2020-28914", "sightings": [{"uuid": "dc19982b-2a33-402e-af6f-135a636baefc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28914", "type": "seen", "source": "https://t.me/cibsecurity/16488", "content": "\u203c CVE-2020-28914 \u203c\n\nAn improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kubernetes hostPath volume and mounting either a file or directory into a container as readonly, the file/directory is mounted as readOnly inside the container, but is still writable inside the guest. For a container breakout situation, a malicious guest can potentially modify or delete files/directories expected to be read-only.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-18T00:39:35.000000Z"}, {"uuid": "3ac68471-1ab4-466e-9a05-14abc2ef1fc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28914", "type": "seen", "source": "https://t.me/bhhub/44", "content": "#BugBountyTips of the Day\n#Bugbounty I just got a P2 Accepted on @GoogleVRP, RCE as root in a Google's acquisition, fingers crossed   #infosec  https://t.co/4eZXBUeXlw\n---\nAtlassian agreed to publicly disclose my report which resulted in CVE-2020-28914 against @katacontainers, and netted my second largest bounty ever! Thanks to @Atlassian and @Bugcrowd \ud83d\ude0e #BugBounty  https://t.co/WsGayUzsqs\n---\nNew Video alert\ud83d\udea8! This week we're covering another type of API, GraphQL! GraphQL is a new tech so it's full of bugs, and actually really simple bugs\ud83d\ude2c. The difficult part of GQL is the syntax not the complex bugs, check it out!  https://t.co/n0HxSMeVls #BugBounty #bugbountytips  https://t.co/Lx9U4xiGG0\n---\nIt's released!  galer \u2014 A fast tool to fetch URLs from HTML attributes by crawl-in. Inspired by the @omespino Tweet.  See  https://t.co/8AlV5FuGQ7  #go #golang #spider #crawler #bugbounty #bugbountytips\n---\nI'm very pleased to announce, that I have chosen as a @Hacker0x01 Ambassador. \ud83e\udd73\ud83d\ude07 Thank you so much for this wonderful opportunity HackerOne.   #hackerone #bugbounty #infosec #togetherwehitharder", "creation_timestamp": "2020-12-03T13:37:04.000000Z"}]}