{"vulnerability": "CVE-2024-7646", "sightings": [{"uuid": "b3d725f0-e29c-402b-9c3d-ff1794f66024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "seen", "source": "MISP/e972b85a-6874-4119-a161-54982628a7ff", "content": "", "creation_timestamp": "2024-10-22T14:06:49.000000Z"}, {"uuid": "78a7d507-d1da-4dd6-90dc-b889021fbf95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3llbigus4d22z", "content": "", "creation_timestamp": "2025-03-26T09:38:34.282351Z"}, {"uuid": "6045609d-ed17-4d78-bf8e-ed19b827f000", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "seen", "source": "https://bsky.app/profile/fidelissauro.bsky.social/post/3llgre5bluc2q", "content": "", "creation_timestamp": "2025-03-28T12:01:22.733338Z"}, {"uuid": "0ae814b4-0e02-40f4-b571-52d2ac39defd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8282", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1apoc for CVE-2024-7646\nURL\uff1ahttps://github.com/UgOrange/CVE-2024-7646-poc\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-17T14:16:54.000000Z"}, {"uuid": "67185c64-d586-4f3e-9143-df5cc2c3fb2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8283", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1apoc for CVE-2024-7646\nURL\uff1ahttps://github.com/lfillaz/CVE-2024-7703\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-17T14:46:06.000000Z"}, {"uuid": "f5473b15-6e23-474a-8e92-b890f3d2c084", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/190", "content": "#exploit\n1. CVE-2024-7646:\nIngress-NGINX Annotation Validation Bypass\nhttps://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass\n\n2. CVE-2024-38856:\nApache OFBiz Pre-Authentication RCE (Scanner + Exploit)\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2024-08-20T04:46:41.000000Z"}, {"uuid": "e9ffa0fb-2852-42f9-9f72-d2fc199144b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/10475", "content": "\u200aCVE-2024-7646: A Threat to Kubernetes Clusters Running ingress-nginx\n\nhttps://securityonline.info/cve-2024-7646-a-threat-to-kubernetes-clusters-running-ingress-nginx/", "creation_timestamp": "2024-08-19T08:52:43.000000Z"}, {"uuid": "15678dd2-33d6-46a6-a7ac-5a9ef67c41c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/9038", "content": "CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass\n\nhttps://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass/", "creation_timestamp": "2024-08-18T18:38:09.000000Z"}, {"uuid": "707bd67b-644c-44aa-bbec-361ef240f749", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11004", "content": "#exploit\n1. CVE-2024-7646:\nIngress-NGINX Annotation Validation Bypass\nhttps://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass\n\n2. CVE-2024-38856:\nApache OFBiz Pre-Authentication RCE (Scanner + Exploit)\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2024-08-19T21:16:17.000000Z"}, {"uuid": "8d451c64-a7fa-42c2-8a54-240acbfd5971", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/4060", "content": "#exploit\n1. CVE-2024-7646:\nIngress-NGINX Annotation Validation Bypass\nhttps://www.armosec.io/blog/cve-2024-7646-ingress-nginx-annotation-validation-bypass\n\n2. CVE-2024-38856:\nApache OFBiz Pre-Authentication RCE (Scanner + Exploit)\nhttps://github.com/securelayer7/CVE-2024-38856_Scanner", "creation_timestamp": "2024-08-19T09:17:15.000000Z"}, {"uuid": "413011e0-edf7-4274-972f-1d0b06be498d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8410", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC CVE-2024-7646\nURL\uff1ahttps://github.com/r0binak/CVE-2024-7646\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-29T18:49:32.000000Z"}, {"uuid": "6d31163b-0f25-455a-bb19-aa63f3a689ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8596", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC CVE-2024-7646\nURL\uff1ahttps://github.com/dovics/cve-2024-7646\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-09-25T11:17:36.000000Z"}, {"uuid": "64d1b501-f30a-4fe0-be33-354b6764735f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "seen", "source": "https://t.me/cvedetector/3354", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-7646 - \"Ingress-Nginx Unsecured Command Injection and Credential Exposure\"\", \n  \"Content\": \"CVE ID : CVE-2024-7646 \nPublished : Aug. 16, 2024, 6:15 p.m. | 37\u00a0minutes ago \nDescription : A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-16T21:14:48.000000Z"}, {"uuid": "2abdf44a-c2e0-44f8-8181-c756c2119166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-7646", "type": "published-proof-of-concept", "source": "Telegram/Y-jSNZ_IQUkYAubV1S4YWAa8lwr1arZ_5gr5ni5Hizo2WEY", "content": "", "creation_timestamp": "2024-08-21T12:19:15.000000Z"}]}