{"vulnerability": "cve-2024-5228", "sightings": [{"uuid": "dcd62a6c-ad12-4837-8413-b27ddd77b6fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52288", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113465940893352359", "content": "", "creation_timestamp": "2024-11-11T19:20:58.355054Z"}, {"uuid": "e1e8d4ae-4aa7-4cd8-886d-d9e156a9b826", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52286", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113465940877149481", "content": "", "creation_timestamp": "2024-11-11T19:20:58.244200Z"}, {"uuid": "54b1eb20-8196-4744-8515-30676d4c01ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52281", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lfvsrmnemd2z", "content": "", "creation_timestamp": "2025-01-17T03:05:34.928362Z"}, {"uuid": "456111b4-dee1-4946-96a8-547f8474129b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52281", "type": "seen", "source": "https://bsky.app/profile/dinosn.bsky.social/post/3lfvvtwzne22g", "content": "", "creation_timestamp": "2025-01-17T04:00:36.237268Z"}, {"uuid": "b9e9de03-0444-4091-870f-b21ab8e6c73e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-52281", "type": "seen", "source": "https://bsky.app/profile/kyosuke-tanaka.bsky.social/post/3lfvww65ojs2m", "content": "", "creation_timestamp": "2025-01-17T04:19:42.972387Z"}, {"uuid": "9cfdbe67-49b9-441a-9f61-00d29ed06383", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52281", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3lg45cxyqjt2s", "content": "", "creation_timestamp": "2025-01-19T15:30:14.283527Z"}, {"uuid": "6ddfd64d-8ec8-40e5-88cd-89676ec643f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52285", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-072-04", "content": "", "creation_timestamp": "2025-03-13T11:00:00.000000Z"}, {"uuid": "fb050235-59f6-40f3-88db-cf41df16b814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52280", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmkdybgznr2u", "content": "", "creation_timestamp": "2025-04-11T15:37:56.210577Z"}, {"uuid": "5d3b7b26-7dcf-4576-8074-a0a62ee609bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52281", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmwfurs7p32i", "content": "", "creation_timestamp": "2025-04-16T10:43:47.728502Z"}, {"uuid": "09cab186-a140-402d-a13b-69b55facfade", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52280", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114319534961696220", "content": "", "creation_timestamp": "2025-04-11T13:21:11.176488Z"}, {"uuid": "602bcd9b-ffff-419d-9be1-0b2b00965281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52282", "type": "seen", "source": 
"https://infosec.exchange/users/cR0w/statuses/114319534961696220", "content": "", "creation_timestamp": "2025-04-11T13:21:11.330377Z"}, {"uuid": "2aa83222-841d-4138-bbb3-35cf1777064a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52281", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114347245327546218", "content": "", "creation_timestamp": "2025-04-16T10:48:17.062280Z"}, {"uuid": "fde88bd8-ba4b-4ac5-bf6c-8490250e0a9f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52284", "type": "seen", "source": "https://bsky.app/profile/crowdcyber.bsky.social/post/3lxqwzmz5ps2m", "content": "", "creation_timestamp": "2025-09-01T06:11:49.599906Z"}, {"uuid": "367c44a6-5edd-406a-ac36-d8d99a4ff8b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-52284", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3lxs4epiyix2d", "content": "", "creation_timestamp": "2025-09-01T17:20:09.682298Z"}, {"uuid": "13601dbe-1d7a-41f1-9263-0368ae8d41a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52280", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11413", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52280\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher  which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. 
\nThis issue affects rancher: before 2175e09, before 6e30359, before c744f0b.\n\ud83d\udccf Published: 2025-04-11T11:12:44.180Z\n\ud83d\udccf Modified: 2025-04-11T11:12:44.180Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52280\n2. https://github.com/rancher/steve/security/advisories/GHSA-j5hq-5jcr-xwx7", "creation_timestamp": "2025-04-11T11:50:42.000000Z"}, {"uuid": "694c7689-89c2-4419-b1f8-0b2a0a6b51fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52282", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11416", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52282\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET\n access to the Rancher Manager Apps Catalog to read any sensitive information that are \ncontained within the Apps\u2019 values. Additionally, the same information \nleaks into auditing logs when the audit level is set to equal or above \n2.\n\nThis issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4.\n\ud83d\udccf Published: 2025-04-11T10:57:55.420Z\n\ud83d\udccf Modified: 2025-04-11T10:57:55.420Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52282\n2. 
https://github.com/rancher/rancher/security/advisories/GHSA-9c5p-35gj-jqp4", "creation_timestamp": "2025-04-11T11:50:45.000000Z"}, {"uuid": "66366075-fc37-497b-96a5-e78d8ef813fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52282", "type": "seen", "source": "https://t.me/cvedetector/22729", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52282 - SUSE Rancher Sensitive Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-52282 \nPublished : April 11, 2025, 11:15 a.m. | 18\u00a0minutes ago \nDescription : A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowing any users with GET  \n access to the Rancher Manager Apps Catalog to read any sensitive information that are   \ncontained within the Apps\u2019 values. Additionally, the same information   \nleaks into auditing logs when the audit level is set to equal or above   \n2.  \n  \nThis issue affects rancher: from 2.8.0 before 2.8.10, from 2.9.0 before 2.9.4. 
\nSeverity: 6.2 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T13:56:35.000000Z"}, {"uuid": "bbbc6940-11f1-4ecb-9cf7-a2a926f1e2b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52281", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11998", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-52281\n\ud83d\udd25 CVSS Score: 8.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L)\n\ud83d\udd39 Description: A: Improper Neutralization of Input During Web Page Generation vulnerability in SUSE rancher allows a malicious actor to perform a Stored XSS attack through the cluster description field.\nThis issue affects rancher: from 2.9.0 before 2.9.4.\n\ud83d\udccf Published: 2025-04-16T08:31:11.378Z\n\ud83d\udccf Modified: 2025-04-16T08:31:11.378Z\n\ud83d\udd17 References:\n1. https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-52281\n2. https://github.com/rancher/rancher/security/advisories/GHSA-2v2w-8v8c-wcm9", "creation_timestamp": "2025-04-16T08:55:57.000000Z"}, {"uuid": "65bedd38-b8a6-472a-baa5-dccab88417e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52280", "type": "seen", "source": "https://t.me/cvedetector/22751", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52280 - SUSE Rancher Information Disclosure Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52280 \nPublished : April 11, 2025, 12:15 p.m. 
| 1\u00a0hour, 29\u00a0minutes ago \nDescription : A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher  which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type.   \nThis issue affects rancher: before 2175e09, before 6e30359, before c744f0b. \nSeverity: 7.7 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-11T16:27:18.000000Z"}, {"uuid": "28e46528-0e2c-47d5-9d64-12e9f14df9b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52286", "type": "seen", "source": "https://t.me/cvedetector/10528", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52286 - Stirling-PDF HTML Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52286 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code in the context of the user. The issue stems to the code starting at `Line 24` in `src/main/resources/static/js/merge.js`. The file name is directly being input into InnerHTML with no sanitization on the file name, allowing a malicious user to be able to upload files with names containing HTML tags. As HTML tags can include JavaScript code, this can be used to execute JavaScript code in the context of the user. 
This is a self-injection style attack and relies on a user uploading the malicious file themselves and it impact only them, not other users. A user might be social engineered into running this to launch a phishing attack. Nevertheless, this breaks the expected security restrictions in place by the application. This issue has been addressed in version 0.32.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:43.000000Z"}, {"uuid": "a0b2e114-fb21-43b7-8194-bd67f5a0b41c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-52288", "type": "seen", "source": "https://t.me/cvedetector/10521", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-52288 - Cisco libosdp RMAC Replay Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-52288 \nPublished : Nov. 11, 2024, 8:15 p.m. | 37\u00a0minutes ago \nDescription : libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT` or `REPLY_RMAC_I` may be introduced into an active stream when they should not be. Once RMAC_I message can be sent during a session, attacker with MITM access to the communication may intercept the original RMAC_I reply and save it. 
While the session continues, the attacker will record all of the replies and save them, till capturing the message to be replayed (can be detected by ID, length or time based on inspection of visual activity next to the reader). Once attacker captures a session with the message to be replayed, he stops resetting the connection and waits for signal to perform the replay of the PD to CP message (ex: by signaling remotely to the MITM device or setting a specific timing). In order to replay, the attacker will craft a specific RMAC_I message in the proper seq of the execution, which will result in reverting the RMAC to the beginning of the session. At that phase - attacker can replay all the messages from the beginning of the session. This issue has been addressed in commit `298576d9` which is included in release version 3.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. \nSeverity: 5.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-11T21:57:34.000000Z"}]}