https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Wed, 17 Jun 2026 20:50:03 +0000 https://vulnerability.circl.lu/sighting/f09e1921-147b-4173-bdd7-c3416d0b80e9/export {"uuid": "f09e1921-147b-4173-bdd7-c3416d0b80e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-48312", "type": "published-proof-of-concept", "source": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp", "content": "", "creation_timestamp": "2023-11-23T11:30:01.000000Z"} {"uuid": "f09e1921-147b-4173-bdd7-c3416d0b80e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2023-48312", "type": "published-proof-of-concept", "source": "https://github.com/projectcapsule/capsule-proxy/security/advisories/GHSA-fpvw-6m5v-hqfp", "content": "", "creation_timestamp": "2023-11-23T11:30:01.000000Z"} https://vulnerability.circl.lu/sighting/f09e1921-147b-4173-bdd7-c3416d0b80e9/export Thu, 23 Nov 2023 11:30:01 +0000 https://vulnerability.circl.lu/sighting/449a7914-74b5-4ff4-a4f3-8d175ff6df11/export {"uuid": "449a7914-74b5-4ff4-a4f3-8d175ff6df11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/ctinow/155416", "content": "https://ift.tt/QTGcEim\nCVE-2023-48312 | capsule-proxy up to 0.4.5 TokenReview improper authentication", "creation_timestamp": "2023-12-16T14:48:04.000000Z"} {"uuid": "449a7914-74b5-4ff4-a4f3-8d175ff6df11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/ctinow/155416", "content": "https://ift.tt/QTGcEim\nCVE-2023-48312 | capsule-proxy up to 0.4.5 TokenReview improper authentication", "creation_timestamp": "2023-12-16T14:48:04.000000Z"} https://vulnerability.circl.lu/sighting/449a7914-74b5-4ff4-a4f3-8d175ff6df11/export Sat, 16 Dec 2023 14:48:04 +0000 https://vulnerability.circl.lu/sighting/42982335-91da-483d-99e9-e8f8bc203e21/export {"uuid": "42982335-91da-483d-99e9-e8f8bc203e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/arpsyndicate/2327", "content": "#ExploitObserverAlert\n\nCVE-2023-48312\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-48312. capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.\n\nFIRST-EPSS: 0.000610000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T15:34:41.000000Z"} {"uuid": "42982335-91da-483d-99e9-e8f8bc203e21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-48312", "type": "seen", "source": "https://t.me/arpsyndicate/2327", "content": "#ExploitObserverAlert\n\nCVE-2023-48312\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-48312. capsule-proxy is a reverse proxy for the capsule operator project. Affected versions are subject to a privilege escalation vulnerability which is based on a missing check if the user is authenticated based on the `TokenReview` result. All the clusters running with the `anonymous-auth` Kubernetes API Server setting disable (set to `false`) are affected since it would be possible to bypass the token review mechanism, interacting with the upper Kubernetes API Server. This privilege escalation cannot be exploited if you're relying only on client certificates (SSL/TLS). This vulnerability has been addressed in version 0.4.6. Users are advised to upgrade.\n\nFIRST-EPSS: 0.000610000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T15:34:41.000000Z"} https://vulnerability.circl.lu/sighting/42982335-91da-483d-99e9-e8f8bc203e21/export Wed, 03 Jan 2024 15:34:41 +0000