CVE-2023-32314

Published: 15/05/2023 | Updated: 24/05/2023
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Description: A flaw was found in the vm2 sandbox. When a host object is created based on the specification of Proxy, an attacker can bypass the sandbox protections. This may allow a malicious user to achieve remote code execution on the host running the sandbox. This vulnerability impacts the confidentiality, integrity, and availability of the system.

Vulnerable Product

vm2 project vm2

Vendor Advisories

Synopsis: Critical: Multicluster Engine for Kubernetes 209 security fixes and container updates. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 209 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security ...
Synopsis: Critical: Multicluster Engine for Kubernetes 217 security fixes and container updates. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 217 General Availability release images, which address security issues and update container images. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Critical: Red Hat Advanced Cluster Management 274 security fixes and container updates. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 274 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as h ...
Synopsis: Critical: Multicluster Engine for Kubernetes 224 security fixes and container updates. Type/Severity: Security Advisory: Critical. Topic: Multicluster Engine for Kubernetes 224 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as having a security ...
Synopsis: Critical: Red Hat Advanced Cluster Management 266 security fixes and container updates. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 266 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as h ...
Synopsis: Critical: Red Hat Advanced Cluster Management 259 security fixes and container updates. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 259 General Availability release images, which fix security issues and update container images. Red Hat Product Security has rated this update as h ...

Github Repositories

Honeypot_Smart_Infrastructure: This repository includes Kubernetes manifest files for configuration of a Honeypot system and Falco IDS in a K8s environment. There is also a demo application written with Node.js which contains a Remote Code Execution vulnerability (CVE-2023-32314) for demonstrating all advantages of this architecture to manage Honeypot systems.

An exploit for vm2 sandbox < 3.9.18

CVE-2023-32314: vm2 is a library that provides a sandbox created to run code without worry about the security for the machine which will actually run the code. It abuses an unexpected creation of a host object based on the specification of Proxy. A hacker can bypass the sandbox protections to gain remote code execution rights on the host actually running the code. This vulnerabi
