An open project to list all known cloud vulnerabilitiesand Cloud Service Provider security issues
An issue in Azure Cloud Shell could have allowed an attacker to take over
an Azure App Service domain and leverage it to inject and execute
commands in other tenants' terminals if they navigated to...
Tue, Sep 20th, 2022
Any unattached storage volume, or attached storage volumes allowing multi-attachment,
could have been read from or written to as long as an attacker knew their Oracle Cloud Identifier (OCID),
Azure Synapse Analytics is an analytics service for processing data using various runtimes,
among them Apache Spark. Synapse provided users the capability to mount Azure File Shares to
Thu, Sep 1st, 2022
In GCP's case, they introduced a modification to the Cloud SQL's PostgreSQL engine allowing the role assigned to the
tenant (cloudsqlsuperuser) to arbitrarily change the ownership of a table to any...
Thu, Aug 11th, 2022
If a malicious actor with prior access to an AWS environment has permission to modify the S3
Replication Service role access policy, they could abuse cross-account replication to exfiltrate
Wed, Jul 20th, 2022
AWS CodeArtifact was susceptible to dependency confusion / substitution (i.e, publication of a
malicious package to a public repository with the same name as an organization’s internal package).
Thu, Jul 14th, 2022