WID-SEC-W-2023-1217
PUBLISHED
vm2 is a sandbox in which untrusted code can be run with Node's built-in modules.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Enterprise Linux | |
| Open Source | vm2 | < 3.9.18 |
| Red Hat | Enterprise Linux Advanced Cluster Management for Kubernetes | 2 |
Exploit Intelligence
- This repository includes Kubernetes manifest files for configuring a honeypot system and Falco IDS in a K8s environment. There is also a demo application written in Node.js which contains a Remote Code Execution vulnerability (CVE-2023-32314), for demonstrating all the advantages of this architecture for managing honeypot systems (github-poc-repo)
- This repository includes Kubernetes manifest files for configuring a honeypot system and Falco IDS in a K8s environment. There is also a demo application written in Node.js which contains a Remote Code Execution vulnerability (CVE-2023-32314), for demonstrating all the advantages of this architecture for managing honeypot systems (github-poc)
- https://access.redhat.com/errata/RHSA-2023:3297 (circl)
- https://access.redhat.com/errata/RHSA-2023:3353 (circl)
- https://access.redhat.com/errata/RHSA-2023:3326 (circl)
- https://access.redhat.com/errata/RHSA-2023:3325 (circl)
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1217.json (circl)
- https://access.redhat.com/errata/RHSA-2023:3296 (circl)
- https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 (circl)
- https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v (circl)
…and 4 more exploits
Timeline
- May 15, 2023 CVE Published
- Jun 4, 2023 CVE Updated
- May 7, 2026 Distribution Patch
- May 7, 2026 Distribution Patch
- May 7, 2026 Distribution Patch
- May 7, 2026 Distribution Patch
- May 7, 2026 Distribution Patch
- May 7, 2026 Distribution Patch
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1217.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1217 advisory
- https://access.redhat.com/errata/RHSA-2023:3356 url
- https://access.redhat.com/errata/RHSA-2023:3353 url
- https://access.redhat.com/errata/RHSA-2023:3326 url
- https://access.redhat.com/errata/RHSA-2023:3325 url
- https://access.redhat.com/errata/RHSA-2023:3297 url
- https://access.redhat.com/errata/RHSA-2023:3296 url
- https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 url
- https://github.com/patriksimek/vm2/security/advisories/GHSA-p5gc-c584-jj6v url