{"vulnerability": "cve-2024-4531", "sightings": [{"uuid": "2adcaf8c-a67c-411c-bea9-09eb4f2cee4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45310", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4946", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-45310\n\ud83d\udd25 CVSS Score: 3.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)\n\ud83d\udd39 Description: runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.\n\ud83d\udccf Published: 2024-09-03T19:07:34.060Z\n\ud83d\udccf Modified: 2025-02-21T18:03:30.271Z\n\ud83d\udd17 References:\n1. https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv\n2. https://github.com/opencontainers/runc/pull/4359\n3. https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7\n4. https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e\n5. https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf", "creation_timestamp": "2025-02-21T18:19:03.000000Z"}, {"uuid": "6ca65aef-14a8-479c-a794-8be14de56cc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45319", "type": "seen", "source": "https://t.me/cvedetector/12101", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45319 - A vulnerability in the SonicWall SMA100 SSLVPN f\", \n  \"Content\": \"CVE ID : CVE-2024-45319 \nPublished : Dec. 5, 2024, 2:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability in the SonicWall SMA100 SSLVPN   \n  \nfirmware\u00a010.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T16:11:46.000000Z"}, {"uuid": "b917e9f6-6ac6-4ffb-bc1e-d7d10d734cc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45318", "type": "seen", "source": "https://t.me/cvedetector/12100", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45318 - A vulnerability in the SonicWall SMA100 SSLVPN web\", \n  \"Content\": \"CVE ID : CVE-2024-45318 \nPublished : Dec. 5, 2024, 2:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-05T16:11:45.000000Z"}, {"uuid": "3952aff8-530e-4d94-a9b5-013b9df5d55d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45318", "type": "seen", "source": "https://infosec.exchange/users/jbhall56/statuses/113606395389007280", "content": "", "creation_timestamp": "2024-12-06T14:40:23.861554Z"}, {"uuid": "dc3abe11-fd2d-4c69-b10c-4faf6881b5a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45318", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113600539489364631", "content": "", "creation_timestamp": "2024-12-05T13:51:09.901994Z"}, {"uuid": "6688f9b7-c2e6-487f-a930-5fed8f6b3cc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45318", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113600185597148773", "content": "", "creation_timestamp": "2024-12-05T12:21:10.248180Z"}, {"uuid": "1b63f762-41aa-4422-bbc6-c5958ee073f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45319", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113600560926784197", "content": "", "creation_timestamp": "2024-12-05T13:56:37.134168Z"}, {"uuid": "4fb69560-fd87-4289-9ee0-e8c5778ed3de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45314", "type": "seen", "source": "https://t.me/cvedetector/4804", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45314 - Apache Flask-AppBuilder Sensitive Data Storage Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45314 \nPublished : Sept. 4, 2024, 4:15 p.m. | 44\u00a0minutes ago \nDescription : Flask-AppBuilder is an application development framework. Prior to version 4.5.1, the auth DB login form default cache directives allows browser to locally store sensitive data. This can be an issue on environments using shared computer resources. Version 4.5.1 contains a patch for this issue. If upgrading is not possible, configure one's web server to send the specific HTTP headers for `/login` per the directions provided in the GitHub Security Advisory. \nSeverity: 3.6 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-04T19:25:19.000000Z"}, {"uuid": "8d78465b-0503-46ed-baac-4e23d5efa481", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45318", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114630758690927812", "content": "", "creation_timestamp": "2025-06-05T12:29:27.676323Z"}, {"uuid": "6c535532-4fd1-4c8e-b836-887d3dde57ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45319", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114630758690927812", "content": "", "creation_timestamp": "2025-06-05T12:29:27.772414Z"}, {"uuid": "cced241e-3fec-4191-b66c-fefa1cbdc7d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45310", "type": "seen", "source": "https://t.me/cvedetector/4710", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45310 - runc is a CLI tool for spawning and running contai\", \n  \"Content\": \"CVE ID : CVE-2024-45310 \nPublished : Sept. 3, 2024, 7:15 p.m. | 23\u00a0minutes ago \nDescription : runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.  \n  \nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual  \nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested. \nSeverity: 3.6 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"03 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-03T21:39:25.000000Z"}, {"uuid": "fda7a083-69d3-4807-aa25-92e151f5c618", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45312", "type": "seen", "source": "https://t.me/cvedetector/4647", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45312 - Overleaf ASPell Dictionary File Path Manipulation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45312 \nPublished : Sept. 2, 2024, 6:15 p.m. | 42\u00a0minutes ago \nDescription : Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server.  This causes `aspell` to attempt to load  a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7.  Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall will prevent access to the vulnerable spell check feature.  However, upgrading is advised. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-02T21:24:19.000000Z"}, {"uuid": "c16f88ac-d25c-4e01-aec3-c44eab7fbcec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45311", "type": "seen", "source": "https://t.me/cvedetector/4646", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45311 - Quinn QUIC Protocol Remote Panic Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45311 \nPublished : Sept. 2, 2024, 6:15 p.m. | 42\u00a0minutes ago \nDescription : Quinn is a pure-Rust, async-compatible implementation of the IETF QUIC transport protocol. As of quinn-proto 0.11, it is possible for a server to `accept()`, `retry()`, `refuse()`, or `ignore()` an `Incoming` connection. However, calling `retry()` on an unvalidated connection exposes the server to a likely panic in the following situations:  1. Calling `refuse` or `ignore` on the resulting validated connection, if a duplicate initial packet is received. This issue can go undetected until a server's `refuse()`/`ignore()` code path is exercised, such as to stop a denial of service attack. 2. Accepting when the initial packet for the resulting validated connection fails to decrypt or exhausts connection IDs, if a similar initial packet that successfully decrypts and doesn't exhaust connection IDs is received. This issue can go undetected if clients are well-behaved. The former situation was observed in a real application, while the latter is only theoretical. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-02T21:24:18.000000Z"}, {"uuid": "1ed67db9-a2af-4b29-9d92-8d111fafefb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45313", "type": "seen", "source": "https://t.me/cvedetector/4645", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-45313 - Overleaf Sibling Container File Access Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-45313 \nPublished : Sept. 2, 2024, 6:15 p.m. | 42\u00a0minutes ago \nDescription : Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used. \nSeverity: 5.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"02 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-02T21:24:17.000000Z"}, {"uuid": "3e85ad48-d7bd-4fdc-87ab-975f11893281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45315", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1335/", "content": "", "creation_timestamp": "2024-10-11T05:00:00.000000Z"}, {"uuid": "c1ffab6b-2ff2-4d89-b460-f11c156dc090", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45316", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-24-1334/", "content": "", "creation_timestamp": "2024-10-11T05:00:00.000000Z"}, {"uuid": "0f80566c-9783-441a-a318-eb4957d0833c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45319", "type": "seen", "source": "https://infosec.exchange/users/screaminggoat/statuses/113600185597148773", "content": "", "creation_timestamp": "2024-12-05T12:21:10.283127Z"}, {"uuid": "5abd1379-dcee-40d9-a7e9-9f39f3166a1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45310", "type": "seen", "source": "https://bsky.app/profile/ferramentaslinux.bsky.social/post/3lqnbcr7qec2w", "content": "", "creation_timestamp": "2025-06-02T17:08:54.991543Z"}, {"uuid": "b4a9219e-c904-48d0-b0cf-476f3c3ce0e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45318", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/ff9a96b8-41b6-43fe-b430-913aad09c4c7", "content": "", "creation_timestamp": "2025-05-05T07:56:53.581572Z"}, {"uuid": "28251555-57c3-4ca3-ae1f-5e69fe4be838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-45319", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/ff9a96b8-41b6-43fe-b430-913aad09c4c7", "content": "", "creation_timestamp": "2025-05-05T07:56:53.581572Z"}]}