{"vulnerability": "CVE-2023-3084", "sightings": [{"uuid": "d428fc6e-b490-4ad6-90ef-804f54ec7d57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "seen", "source": "https://t.me/ctinow/119046", "content": "https://ift.tt/ckzX7Bn\nGCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845", "creation_timestamp": "2023-06-20T05:41:47.000000Z"}, {"uuid": "b51e1287-408d-4944-9503-1c030a26921b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30840", "type": "seen", "source": "https://t.me/cibsecurity/63457", "content": "\u203c CVE-2023-30840 \u203c\n\nFluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes.Once the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster.To exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means.Version 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-08T22:37:45.000000Z"}, {"uuid": "ccc5a54b-f26f-463d-9506-793d0d4140b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30844", "type": "seen", "source": "https://t.me/cibsecurity/63454", "content": "\u203c CVE-2023-30844 \u203c\n\nMutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-08T22:37:42.000000Z"}, {"uuid": "979a9c48-2b73-4d44-b4c9-a6ccc84f7e7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30848", "type": "seen", "source": "https://t.me/cibsecurity/62992", "content": "\u203c CVE-2023-30848 \u203c\n\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T20:26:38.000000Z"}, {"uuid": "7d5224f5-1e31-4d58-8b23-e07e267ba46e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30849", "type": "seen", "source": "https://t.me/cibsecurity/62994", "content": "\u203c CVE-2023-30849 \u203c\n\nPimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T20:26:40.000000Z"}, {"uuid": "067d7efb-bd1c-4d66-b8f8-cd176b3c7f3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30847", "type": "seen", "source": "https://t.me/cibsecurity/62977", "content": "\u203c CVE-2023-30847 \u203c\n\nH2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T18:37:03.000000Z"}, {"uuid": "23092fa4-caf6-4d88-a8cf-c7e7db19e063", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30848", "type": "seen", "source": "https://gist.github.com/alon710/642ee88b28bbc94528a7e7d1b9ae5448", "content": "", "creation_timestamp": "2026-01-24T21:24:59.000000Z"}, {"uuid": "d02b1055-fd22-4c73-b7d7-6227d56bced2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30843", "type": "seen", "source": "https://t.me/cibsecurity/62935", "content": "\u203c CVE-2023-30843 \u203c\n\nPayload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:06.000000Z"}, {"uuid": "5d4871c6-eb29-48e2-b300-16d383a6186b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30846", "type": "seen", "source": "https://t.me/cibsecurity/62948", "content": "\u203c CVE-2023-30846 \u203c\n\ntyped-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:22.000000Z"}, {"uuid": "abe3a93d-bc69-4c1a-826e-214f56d32cc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/LearnExploit/5519", "content": "CVE-2023-30845\n\nJWT authentication bypass via \"X-HTTP-Method-Override\"\n\nGithub\n\n#CVE #Bypass #Exploit \n\u2014\u2014\u2014\u2014\u2014\u2014\n0Day.Today\n@LearnExploit\n@Tech_Army", "creation_timestamp": "2023-09-24T09:54:42.000000Z"}, {"uuid": "47955859-ee33-40f4-85e2-15ee08ed1673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1103", "content": "#exploit\n1. PoC for demonstrating Race Conditions on Websockets\nhttps://github.com/redrays-io/WS_RaceCondition_PoC\n\n2. CVE-2023-4863:\nHeap buffer overflow in the WebP image library\nhttps://blog.isosceles.com/the-webp-0day\n]-> https://github.com/mistymntncop/CVE-2023-4863\n\n3. CVE-2023-30845:\nJWT authentication bypass via \"X-HTTP-Method-Override\"\nhttps://github.com/himori123/-CVE-2023-30845", "creation_timestamp": "2024-08-16T08:28:21.000000Z"}, {"uuid": "c872ed2f-d1ac-4ecd-8bac-c06ef52a7897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30848", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mcfu73txx72m", "content": "", "creation_timestamp": "2026-01-14T19:59:07.501303Z"}, {"uuid": "5286bfb5-8a3e-4607-a10b-6d779d04a5ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30848", "type": "seen", "source": "https://bsky.app/profile/euvd-bot.bsky.social/post/3mcg4qu53wn2t", "content": "", "creation_timestamp": "2026-01-14T22:32:08.152059Z"}, {"uuid": "40aee726-19b8-4287-8f40-ceaa83326280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30848", "type": "seen", "source": "https://gist.github.com/alon710/ef6eb854d2eb9ebb8845eef641b41150", "content": "", "creation_timestamp": "2026-01-24T22:34:02.000000Z"}, {"uuid": "c6c9189b-8f73-4ef9-ae05-b08ededed3d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30848", "type": "seen", "source": "https://gist.github.com/alon710/6f56f13b46af65ce64dfac246686d5ac", "content": "", "creation_timestamp": "2026-01-24T22:33:59.000000Z"}, {"uuid": "6367e344-92d8-49e1-a01c-90b5dc1d7d0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "seen", "source": "https://t.me/cibsecurity/62949", "content": "\u203c CVE-2023-30845 \u203c\n\nESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases.ESPv2 allows malicious requests to bypass authentication if both the conditions are true: The requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations, and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability.Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T00:25:23.000000Z"}, {"uuid": "7ad08396-2f43-40d4-a37e-aea1384c2165", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30842", "type": "seen", "source": "https://t.me/cibsecurity/62873", "content": "\u203c CVE-2023-30842 \u203c\n\nAVideo is an open-source video platform. Prior to version 12.4, AVideo is vulnerable to remote code execution when an attacker embeds a malicious video link. This issue is fixed in version 12.4.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T02:25:14.000000Z"}, {"uuid": "1fd04308-4db6-49b3-8c46-01b8bef2ea83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30845", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9072", "content": "#exploit\n1. PoC for demonstrating Race Conditions on Websockets\nhttps://github.com/redrays-io/WS_RaceCondition_PoC\n\n2. CVE-2023-4863:\nHeap buffer overflow in the WebP image library\nhttps://blog.isosceles.com/the-webp-0day\n]-> https://github.com/mistymntncop/CVE-2023-4863\n\n3. CVE-2023-30845:\nJWT authentication bypass via \"X-HTTP-Method-Override\"\nhttps://github.com/himori123/-CVE-2023-30845", "creation_timestamp": "2023-09-23T12:27:01.000000Z"}]}