{"id":19052118,"url":"https://github.com/bigpick/cve-reading-list","last_synced_at":"2026-02-28T03:12:00.257Z","repository":{"id":169407969,"uuid":"467215117","full_name":"bigpick/cve-reading-list","owner":"bigpick","description":null,"archived":false,"fork":false,"pushed_at":"2022-03-14T19:21:26.000Z","size":8,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-11-12T03:22:34.916Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bigpick.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-07T18:35:12.000Z","updated_at":"2022-03-07T18:35:12.000Z","dependencies_parsed_at":null,"dependency_job_id":"e55481f6-cb9e-4e48-b5a5-d2aa6be53593","html_url":"https://github.com/bigpick/cve-reading-list","commit_stats":null,"previous_names":["bigpick/cve-reading-list"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/bigpick/cve-reading-list","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bigpick%2Fcve-reading-list","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bigpick%2Fcve-reading-list/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bigpick%2Fcve-reading-list/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bigpick%2Fcve-reading-list/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bigpick","download_url":"https://codeload.github.com/bigpick/cve-reading-list/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bigpick%2Fcve-reading-list/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29923485,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-27T19:37:42.220Z","status":"online","status_checked_at":"2026-02-28T02:00:07.010Z","response_time":90,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T23:20:59.599Z","updated_at":"2026-02-28T03:12:00.238Z","avatar_url":"https://github.com/bigpick.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# My CVE, bug bounty, and general cybersec relevant reading list and notes\n\n## Misc Links\n* National Vulnerability Database: [here][13].\n   * NVD CVE search: [here][12].\n   * NVD data feeds listing: [here][11].\n* CVE details CVSS distribution listing: [here][14].\n* Mitre CVE search: [here][10].\n* Pentesterland list of bug bounty writeups: [here][9].\n* JFrog security research blogroll: [here][8].\n* vuldb listing: [here][16].\n\n---\n\n##  2022\n\n### March\n\n| Title                                                                                                                                                                                                | Notes     | CVE            | Key Takeaways                                                                                                                                                                                                                               | Tags                                   |\n| ---                                                                                                                                                                                                  | --        | ---            | ---                                                                                                                                                                                                                                         | ---                                    |\n| [GitLab GraphQL API User Enumeration][17]                                                                                                                                                            |           | CVE-2021-4191  | Don't expose services to the internet unless you absolutely have to. Ensure all possible endpoints are subject to authentication if required                                                                                                | gitlab, hosting practices, enumeration |\n| [Arbitrary command injection in `pipenv`][15]                                                                                                                                                        |           | CVE-2022-21668 | Comments **weren't** ignored, because they were improperly parsing requirements files; if the thing you are parsing has a spec, parse it according to the spec. If it doesn't, make the people who own the thing you're parsing write one:) | pipenv, python                         |\n| [The Impact of CVE-2022-0185 Linux Kernel Vulnerability on Popular Kubernetes Engines][5] and [CVE-2022-0185 - Winning a $31337 Bounty after Pwning Ubuntu and Escaping Google's KCTF Containers][6] | [here][7] | CVE-2022-0185  | Once again, `--privileged` and SECCOMP would help save the day. Don't disable them, people! Stay up to date on kernel updates.                                                                                                              | containers, escape                     |\n| [Can containers escape?][1]                                                                                                                                                                          | [here][3] | CVE-2022-0492  | Securing containers with apparmor, selinux, or seccomp is a good idea. Also, up-to-date Linux releases are a good idea.                                                                                                                     | cgroups, containers, linux             |\n| [Escaping privileged containers for fun][2]                                                                                                                                                          |           |                | `mount` + `gcc` + `/proc/sys/kernel/core_pattern` + a privileged container --\u003e arbitrary commands on container host                                                                                                                         | docker, escape, privileges             |\n\n### Notes\n\n#### March\n\n##### pwning Ubuntu and escaping Google\n\n* Google's [syzkaller][14] looks interesting:\n\n    \u003e syzkaller is an unsupervised coverage-guided kernel fuzzer\n\n##### Can containers escape?\n\n* `cgroups`, controlled by `cgroupfs`, provide means to limit/account/isolate the resource usage of a set of processes.\n   * further divided into subsystems, each responsible for a specific resource (e.g memory cgroup, device cgroup, etc)\n      * any further nested are new cgroups under that subsystem\n* `cat /proc/self/cgroup` shows cgroup membership\n* Arbitrary binaries (run with highest possible, root, permissions) can be ran by the termination of a proc in a cgroup if there has been a binary assigned to the subsystem's `release_agent`, and the child process has `notify_on_release` enabled.\n   * This is OK, if the system was checking that the child proc had the `CAP_SYS_ADMIN` perms to run it first. _It was not_.\n   * Writing to `notify_on_release` still requires `root` within the container.\n* cgroups are RO mounts inside containers (`mount | grep \"cgroup (ro\"`)\n* Utility helper/checker function: [Palo Alto Networks - can container escape][4]\n\n\n---\n\n[1]: \u003chttps://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/\u003e \"Can containers escape\"\n[2]: \u003chttps://pwning.systems/posts/escaping-containers-for-fun/\u003e\n[3]: \u003c#can-containers-escape\u003e\n[4]: \u003chttps://github.com/PaloAltoNetworks/can-ctr-escape-cve-2022-0492\u003e\n[5]: \u003chttps://jfrog.com/blog/the-impact-of-cve-2022-0185-linux-kernel-vulnerability-on-popular-kubernetes-engines/\u003e\n[6]: \u003chttps://www.willsroot.io/2022/01/cve-2022-0185.html\u003e\n[7]: \u003c#pwning-ubuntu-and-escaping-google\u003e\n[8]: \u003chttps://jfrog.com/blog/tag/security-research/\u003e\n[9]: \u003chttps://pentester.land/list-of-bug-bounty-writeups.html#bug-bounty-writeups-published-in-2022\u003e\n[10]: \u003chttps://cve.mitre.org/cve/search_cve_list.html\u003e\n[11]: \u003chttps://nvd.nist.gov/vuln/data-feeds\u003e\n[12]: \u003chttps://nvd.nist.gov/vuln/search\u003e\n[13]: \u003chttps://nvd.nist.gov/\u003e\n[14]: \u003chttps://github.com/google/syzkaller\u003e\n[15]: \u003chttps://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w\u003e\n[16]: \u003chttps://vuldb.com/?\u003e\n[17]: \u003chttps://www.rapid7.com/blog/post/2022/03/03/cve-2021-4191-gitlab-graphql-api-user-enumeration-fixed/\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbigpick%2Fcve-reading-list","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbigpick%2Fcve-reading-list","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbigpick%2Fcve-reading-list/lists"}