It feels weird that it has it’s own domain name and slogan. I get that there’s a promotional aspect to it, but it seems a bit much.
This is not uncommon for high-profile CVEs. For example, brokenwire.fail, heartbleed.com, spectreattack.com, etc…
They had a month to set it up.
Hmm seems like that report is AI generated
It is. The vuln itself was found with guidance of an AI tool. Doesn’t make the vuln any less bad. Does make Xint look really shitty for constantly shilling with boilerplate AI instead of a good human analysis (or at least something above boilerplate).
Only if you enable the mode for rootless containers. If you run more safe, this thing is apparently impotent.
No containers here, no cry.
In the writeup, they say there’s multiple other vulnerabilities on this attack surface, but they’re still working on responsible disclosure.