{"vulnerability": "CVE-2024-5042", "sightings": [{"uuid": "ef174059-0d51-45e8-8560-ddbd526615d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5042", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2354", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-5042\n\ud83d\udd39 Description: A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.\n\ud83d\udccf Published: 2024-05-17T13:12:00.551Z\n\ud83d\udccf Modified: 2025-01-20T08:33:53.439Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:4591\n2. https://access.redhat.com/security/cve/CVE-2024-5042\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2280921\n4. https://github.com/advisories/GHSA-2rhx-qhxp-5jpw", "creation_timestamp": "2025-01-20T08:59:25.000000Z"}, {"uuid": "b5b34321-39a2-44f6-9cf8-b558cd60c848", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5042", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10650", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-5042\n\ud83d\udd25 CVSS Score: 6.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N)\n\ud83d\udd39 Description: A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.\n\ud83d\udccf Published: 2024-05-17T13:12:00.551Z\n\ud83d\udccf Modified: 2025-04-07T01:33:36.316Z\n\ud83d\udd17 References:\n1. https://access.redhat.com/errata/RHSA-2024:4591\n2. https://access.redhat.com/security/cve/CVE-2024-5042\n3. https://bugzilla.redhat.com/show_bug.cgi?id=2280921\n4. https://github.com/advisories/GHSA-2rhx-qhxp-5jpw", "creation_timestamp": "2025-04-07T01:44:19.000000Z"}, {"uuid": "85d5fb41-a13e-4125-8c8e-70ec04d3d68c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50427", "type": "seen", "source": "https://t.me/cvedetector/9262", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50427 - Devsoft Baltic O\u00dc SurveyJS Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50427 \nPublished : Oct. 29, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic O\u00dc SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136. \nSeverity: 9.9 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T10:35:08.000000Z"}, {"uuid": "e792df5c-23eb-4f4b-92c4-12cc259d0a52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50426", "type": "seen", "source": "https://t.me/cvedetector/9261", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50426 - Survey Maker Stored XSS\", \n  \"Content\": \"CVE ID : CVE-2024-50426 \nPublished : Oct. 29, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS.This issue affects Survey Maker: from n/a through 5.0.2. \nSeverity: 5.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T10:35:07.000000Z"}, {"uuid": "8137374a-472e-4350-8b09-e58f40b908eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50420", "type": "seen", "source": "https://t.me/cvedetector/9260", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50420 - aDirectory Unrestricted File Upload RCE\", \n  \"Content\": \"CVE ID : CVE-2024-50420 \nPublished : Oct. 29, 2024, 9:15 a.m. | 19\u00a0minutes ago \nDescription : Unrestricted Upload of File with Dangerous Type vulnerability in adirectory aDirectory allows Upload a Web Shell to a Web Server.This issue affects aDirectory: from n/a through 1.3. \nSeverity: 10.0 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T10:35:06.000000Z"}, {"uuid": "e74f8614-2cae-4f7f-8ac3-e6ed17e65949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50428", "type": "seen", "source": "https://t.me/cvedetector/9378", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50428 - \"Ardor Form Missing Authorization\"\", \n  \"Content\": \"CVE ID : CVE-2024-50428 \nPublished : Oct. 29, 2024, 10:15 p.m. | 41\u00a0minutes ago \nDescription : Missing Authorization vulnerability in Mondula GmbH Multi Step Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Multi Step Form: from n/a through 1.7.21. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-29T23:59:03.000000Z"}, {"uuid": "ad857022-f4ea-413d-b9ad-d5ff645b165b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-50429", "type": "seen", "source": "https://t.me/cvedetector/9167", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-50429 - WordPress BlockArt Magazine Blocks Cross-site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-50429 \nPublished : Oct. 28, 2024, 7:15 p.m. | 42\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPBlockArt Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.15. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"28 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-28T21:11:15.000000Z"}]}