{"vulnerability": "cve-2022-39395", "sightings": [{"uuid": "a5ac7ea4-b309-4957-8183-a33b9c37ed72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3211", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T02:36:59.000000Z"}, {"uuid": "dc4bf1e6-6c07-43c7-8fd2-d3f5aa15e3bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3216", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T03:22:20.000000Z"}, {"uuid": "276cf41a-a84f-47e1-ba25-1cd242f40f5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3215", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T03:13:14.000000Z"}, {"uuid": "ef66e414-80ca-4ff8-bbc7-4d232dfbec05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3214", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T03:04:12.000000Z"}, {"uuid": "cec13af0-804e-4bc4-8fc7-08b27f52b7af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3221", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T04:06:45.000000Z"}, {"uuid": "e750d8cf-643b-4262-a1cf-3596dc48de21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3220", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T03:57:39.000000Z"}, {"uuid": "04f140c5-c222-4855-acfe-ed5c3432d685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3219", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T03:48:36.000000Z"}, {"uuid": "8b9496f9-820c-4bb1-8aa2-67f2216a7d23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3209", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T02:18:48.000000Z"}, {"uuid": "8b4914ce-d721-49ab-8dce-7cc0897fed71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3210", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T02:27:51.000000Z"}, {"uuid": "19b7d2f3-8177-4da5-98fd-1778de60e76d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3208", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T05:56:11.000000Z"}, {"uuid": "8c37d85f-a109-4b01-af43-bd2f4cdd5e0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3213", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T02:55:01.000000Z"}, {"uuid": "dd31a1ff-7cc3-4561-8e24-f21a3650d442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3217", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T03:31:26.000000Z"}, {"uuid": "df1ad682-cef9-49ef-856f-0a570dd978b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3226", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T04:51:08.000000Z"}, {"uuid": "6a3b109a-b2dd-402f-ab87-2a380480d0b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3218", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T03:40:27.000000Z"}, {"uuid": "4eadd668-a968-4cc0-8c7d-f27e807a4c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3225", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T04:42:07.000000Z"}, {"uuid": "7e4c9936-f4d8-4889-ac36-28ab416d944e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3223", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T04:24:54.000000Z"}, {"uuid": "d3819ad1-bab7-49ff-bab7-85ba0abe3b4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3222", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T04:15:51.000000Z"}, {"uuid": "173aba9e-c757-4523-8478-3ab47fcaee90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3230", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T05:30:01.000000Z"}, {"uuid": "e56f6d96-e08d-46d7-81af-aa262d159740", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3229", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T05:20:58.000000Z"}, {"uuid": "b1a3c312-e5b7-4e1c-84a5-9968722c875e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3228", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T05:12:02.000000Z"}, {"uuid": "183a4235-5c6a-4328-842b-51275920552e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3227", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T05:00:12.000000Z"}, {"uuid": "20369eb7-6408-416c-b798-06f819ba58c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3224", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T04:33:58.000000Z"}, {"uuid": "22174a6a-696a-446a-9657-5c9e861985fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3212", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T02:46:01.000000Z"}, {"uuid": "4b93057b-0cf2-4132-9f38-44491a83e619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3231", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-39395 valid pay\nURL\uff1ahttps://github.com/harry1osborn/CVE-2022-39395\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-11-10T05:39:03.000000Z"}, {"uuid": "f98fe98a-31e9-4d6f-b15d-6f9633fc9378", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-39395", "type": "seen", "source": "https://t.me/cibsecurity/52880", "content": "\u203c CVE-2022-39395 \u203c\n\nVela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to Server 0.16.0, Worker 0.16.0, and UI 0.17.0 to fix the issue. After upgrading, Vela administrators will need to explicitly change the default settings to configure Vela as desired. Some of the fixes will interrupt existing workflows and will require Vela administrators to modify default settings. However, not applying the patch (or workarounds) will continue existing risk exposure. Some workarounds are available. Vela administrators can adjust the worker's `VELA_RUNTIME_PRIVILEGED_IMAGES` setting to be explicitly empty, leverage the `VELA_REPO_ALLOWLIST` setting on the server component to restrict access to a list of repositories that are allowed to be enabled, and/or audit enabled repositories and disable pull_requests if they are not needed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-13T05:45:10.000000Z"}]}