Emilien Socchi

Azure Cognitive Search (ACS) is a full-text search engine service.
A new non-default feature allowed for a network control to bypassed, permitting an attacker to submit search queries to any other tenant's network-isolated ACS instance. However, abusing this required a valid API key 
to access the data plane of the target, along with a number of pieces of information about the target environment (such as the subscription ID and the name of the index to query).


ACSESSED

Ian Duffy

Full administrative access to the Azure Red Hat Enterprise Linux Appliance REST API was publicly exposed.
It allowed malicious actors uploading packages that would be acquired by client virtual machines on their next yum update. 
The vulnerable infrastructure supplies all the packages for all Red Hat Enterprise Linux instances booted from the Azure marketplace.


Public admin access to Azure's Red Hat Update Infrastructure

s1r1us

AI Hub Jupyter Notebook server lacked a check of the Origin header that
led to a CSRF vulnerability. An attacker could have read sensitive data and execute
arbitrary actions in customer environments.


AI Hub Jupyter Notebook instance CSRF

James Kettle (Portswigger), Arkadiy Tetelman (Chime)

ALBs found vulnerable to HTTP request smuggling (desync attack).


ALB HTTP request smuggling

Marco Balduzzi, Jonas Zaddach, Davide Balzarotti, Engin Kirda, Sergio Loureiro

Researchers, while investigating the security posture of Public AMIs, were
able to undelete files from an official image that was published by Amazon AWS.


AWS published official AMIs with recoverable deleted files

Lidor Ben Shitrit

By misusing the Apiary web service and taking advantage of Apiary's use of IMDSv1,
a remote attacker is able to retrieve sensitive information from various endpoints
and use it to gain more access and sensitive data of other hosts in the same environment.


Oracle Apiary SSRF

Daniel Grzelak

3rd party vendors can (and sometimes do) incorrectly implement sts:ExternalId in their
AWS role trust policies, leading to confused deputy issues. These misconfigurations could
allow customers to access other customers' data. Although vendors are responsible for
ensuring their own configurations are correct, AWS could theoretically add mitigations
to prevent and detect this issue.


3rd party vendor confused deputy via AssumeRole

Elad Gabay

Any unattached storage volume, or attached storage volumes allowing multi-attachment,
could have been read from or written to as long as an attacker knew their Oracle Cloud Identifier (OCID),
allowing sensitive data to be exfiltrated or even more impactful attacks to be initiated via
executable file manipulation in the target tenant's environment.


AttachMe

Yanir Tsarimi

An exposed endpoint in the Azure Automation Service allowed to steal Azure
API credentials from other customers


AutoWarp

Daniel Thatcher

A flaw in AWS API Gateway enabled hiding HTTP request headers. Tampering
with HTTP requests visibility enabled bypassing IP restrictions, cache poisoning
and request smuggling.


AWS API Gateway HTTP header smuggling

Nick Frichette

The AWS AppSync service could be coerced to assume arbitrary roles in
other customers' accounts which trusted the AppSync service. This was
due to insufficient validation of a serviceRoleArn parameter (caused by
a case-sensitivity parsing issue). With this vulnerability, if an adversary
knew the ARN of the role associated with AppSync in the target account,
they could use it invoke arbitrary AWS API calls.


AWS AppSync confused deputy via ServiceRoleArn

Felix Wilhelm

Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster
through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator). Multiple issues
were identified in the authenticator that could have allowed exploitation, namely (1) a
lax regular expression used to verify presigned URLs; (2) HTTP client redirect follow
(due to using Golang HTTP client in its default configuration); (3) use of the Golang URL.Query
function (which silently drops parameters that Go considers invalid, rather than raising
an error and rejecting invalid tokens); and (4) no verification that the cluster uses Go
versions newer than 1.12 (as older versions are vulnerable to request smuggling).


Multiple issues in AWS IAM Authenticator for Kubernetes

If attacker controlled data is viewed in Cloudshell it could have led to
code execution. This exact same issue existed in Azure previously.


AWS CloudShell terminal escape

Spencer Gietzen

The AWS CodeStar service had an undocumented API (codestar:CreateProjectFromTemplate) that allowed
users with broadly-scoped CodeStar permissions to create a CodeStar project. As part of the creation
process, AWS would create a new CodeStarWorker IAM policy & attach it to the user making the call.
This policy granted full access to over 50 AWS services, including iam:AttachRolePolicy, iam:AttachUserPolicy and iam:PutRolePolicy permissions,
which would allow the user to escalate to full administrator access. Following disclosure, AWS removed
the majority of access granted by the CodeStarWorker policy, but this is still a viable escalation path if
there are other misconfigurations in the environment.


IAM privilege escalation via undocumented CodeStar API

An AWS employee pushed sensitive data to a public github bucket, including customer information and credentials.
Note: This issue is outside the scope of this database's usual criteria for inclusion,
but has been kept for historic reasons, as it was included in the original CSP Security Mistakes dataset.


AWS uploaded sensitive data to public GitHub bucket

Information about this issue is under NDA, but AWS customers can read about it on pages 120-121 of the report,
which is available for download through AWS Artifact.
Note: This issue is outside the scope of this database's usual criteria for inclusion, but has
been kept for historic reasons, as it was included in the original CSP Security Mistakes dataset.


AWS SOC 2 type 2 failure (Fall 2020)

Information about this issue is under NDA, but AWS customers can read about it on page 98 of the report,
which is available for download through AWS Artifact.
Note: This issue is outside the scope of this database's usual criteria for inclusion, but has
been kept for historic reasons, as it was included in the original CSP Security Mistakes dataset.


AWS SOC 2 type 2 failure (Fall 2021)

Through an undocumented API service called 'iamadmin', attackers could invoke any of 13 read-only IAM actions without the activity being being logged to CloudTrail.
These actions included listing group policies (iam:ListGroupPolicies), listing access keys (iam:ListAccessKeys), retrieving information about a role (iam:GetRole), and more.
This could have enabled adversaries to perform enumeration and reconnaissance activity undetected after gaining a foothold in a victim AWS environment.


AWS CloudTrail bypass for specific IAM actions

AWS offers a metadata service accessible to most EC2 Instances via a simple GET request to 169.254.169.254.
If an instance has an SSRF vulnerability, attackers can access the metadata service & exfiltrate the credentials 
of an attached IAM role to gain privileged access to the relevant AWS environment.


AWS IAM role credential exfiltration via EC2 Instance Metadata Service (IMDSv1)

Two malicious versions were created of packages previously used by AWS.
The packages were officially authored and maintained by AWS before they
were removed by their legitimate author, and once the packages were
removed, their names became available and the two packages were then
populated with malicious code. If AWS-deployed software had any dependencies
on these packages, this would have led to a dependency confusion attack.


AWS package backfill attack

Gafnit Amiga

A vulnerability was discovered in the Aurora PostgreSQL log_fdw extension
for Amazon Relational Database Service (RDS), allowing an attacker to read
files on the EC2 host and obtain credentials for an internal AWS service.


AWS RDS local file read

Riyaz Walikar

The AWS RDS service does not enable secure transport layer security by default, allowing clients to connect insecurely.
Additionally, for the more commonly used MySQL and MariaDB RDS engine types, this setting cannot be enabled at all.


AWS RDS does not enforce SSL/TLS encryption

Ryan Gerstenkorn

An attacker with sufficient privileges in AWS to modify the route table
and some other EC2 privileges, could pretend to be a metadata server and provide
an attacker controlled bootup script to EC2s to move laterally.


Route table modification to imitate metadata service

Jonathan Rault

Using CloudTrail S3 data events, it was possible to determine the AWS account ID of
any existing S3 bucket by calling any S3 API, getting denied, and looking at the value in the resource
key in error message that showed up in CloudTrail.


CloudTrail S3 data events leak bucket Account ID

Colin Percival

When making authenticated API requests to AWS, the requests must be signed
with your AWS access key. The initial signing algorithm, SigV1, was vulnerable
to collisions. A person-in-the-middle attack would be able to modify signed requests
via specially constructed collisions.


Signature version 1 (SigV1) is insecure

Osama Elnaggar

AWS WAF using the Core Rules set allowed SQL injection. In AWS WAF only the first 8 KB (8,192 bytes) of the request body are forwarded to AWS WAF for inspection, but AWS Managed rules allowed requests up to 10 KB.
An attacker could send a request larger than 8 KB but smaller than 10 KB, with a malicious payload located after the first 8,192 bytes, and thereby pass the WAFs inspection. 
To fix this issue, AWS reduced the request size limit to 8 KB.


AWS WAF configuration allows SQL injection

An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be displayed in the management console in the Elastic Beanstalk section. Due to improper sanitization, an attacker could insert an XSS payload that would execute in a victim's browser.


Elastic Beanstalk - XSS in Web Console

Chen Cohen

An attacker could gain root privileges on their Azure Cloud Shell container,
escape from the container, and then gain root privileges on the underlying node,
the root cause being an insecure kubelet port (10250), among other cluster misconfigurations.
Once they could access the node filesystem, an attacker could extract kubelet API
credentials which allowed listing all pods and nodes in the cluster, including
those belonging to other tenants. Moreover, an attacker could bypass RBAC policies
in the cluster by deploying a pod with the "NodeSelector" flag, and thereby escalate
their privileges to root on other tenants' containers (the same issue affected
Azure Container Instances).


Azure Cloud Shell and Container Instances breakout

An issue in Azure Cloud Shell could have allowed an attacker to take over
an Azure App Service domain and leverage it to inject and execute
commands in other tenants' terminals if they navigated to the domain while
logged into their account. Using this method, an attacker could query the
Azure IMDS on other tenants' behalf and thereby obtain their access tokens.


Azure Cloud Shell access token theft

If attacker controlled data is viewed in Cloudshell it could have led to
code execution. This exact same issue was later discovered in AWS as well.


Azure Cloud Shell terminal escape

Christian August Holm Hansen

Binary Security discovered and registered two dangling cloudapp.azure.com
subdomains corresponding to subdomains at visualstudio.com. Had these been
discovered and registered by an attacker, this would have been equivalent
to a 1-click vulnerability for Azure DevOps: the attacker could have crafted
a URL referring to the sign-in API for Azure DevOps Services (app.vssps.visualstudio.com)
using one of the two subdomains in the "reply_to" field (since subdomains
of visualstudio.com would be allowed by the API). If clicked on by a target
Azure DevOps user, this would have sent an authentication token to an
attacker-controlled server, thereby allowing account takeover.


Azure Devops account takeover via dangling subdomain takeover

Aviv Sasson, Daniel Prizmant

In Azure Serverless Functions, a new container is generated by the host for every function,
which is then terminated and deleted after several minutes. Palo Alto discovered that an
API call was available to bind one path to another within the container (called "init_server_pkg_mount_BindMount")
that could be called by a low-privileged user but executed with root privileges. This could
enable a malicious tenant to escalate their privileges to root, and then escape their container
by abusing the Linux cgroup v1 “notification on release” feature (a well-known escape to host technique).
This last step was possible because the container had been granted the SYS_ADMIN capability,
did not have an AppArmor profile, and the cgroup v1 virtual filesystem was mounted as
read-writable from within the container (all against container hardening best practice).
However, the underlying HyperV host was single-tenant, thereby limiting the blast radius
of this vulnerability chain. Following disclosure, Azure added additional validation for
bind mount APIs, but the other elements of this attack sequence remain exploitable.


Azure Serverless Functions escape to host

Undocumented Azure AD APIs could allow access to internal information of any organization
that uses Azure AD. Collected details included licensing information, mailbox information, and
directory synchronization status.


Azure AD information disclosure via undocumented APIs

Josh Magri

Azure Logic Apps use API Connections to authenticate actions to services. Having Contributor access to
an Azure Resource Manager (ARM) API Connection would allow someone to create arbitrary role assignments as the connected user.
This was supposed to be limited to actions at the Resource Group level, but an attacker could escape to the Subscription or Root level with a path traversal payload.
The root cause of this behavior was that such a payload would meet the Swagger API definition,
and it would be resolved by the server, resulting in a request to an unintended scope.


Logic Apps privilege escalation to root

Patrick Hudak

Patrick Hudak demonstrated possible subdomain takeover using the Traffic Manager in Azure.


Subdomain takeover via Azure Traffic Manager

Divyanshu Shukla

Azure Web Application Firewall (WAF) with OWASP 3.2 managed rule set and below was
vulnerable to command injection bypass using globbing patterns (incorporating the
wildcard "?" in command syntax). For example, while attempting access to "/etc/passwd"
would be blocked, a command targeting "/et?/passwo?d" would be allowed.


Azure WAF managed rule set globbing pattern bypass

SSRF vulnerabilities were discovered in four Azure services: unauthenticated SSRF in
Azure Digital Twins Explorer and Azure Functions, and authenticated SSRF in Azure API
Management Service and Azure Machine Learning Service. All four vulnerabilities were
full (non-blind) SSRF. The impact of these vulnerabilities was limited: while they
would have allowed an adversary to scan local ports and find new services, endpoints,
and files; they would not have allowed them to access metadata, connect to internal
services, access unauthorized data, or obtain cross-tenant access.


Multiple SSRF vulnerablities in Azure services

Yuval Avrahami

Azurescape

In September 22', SOCRadar discovered an insecure public Azure blob storage owned by Microsoft (olyympusv2.blob.core.windows[.]net). This blob storage was used for storing emails and other documents from interactions with their customers (such as contracts and purchase orders). In total, the blob storage contained 2.4TB of data with information concerning thousands of Microsoft customers across dozens of countries, dated between 2017 and August 22'. Following disclosure, Microsoft reconfigured it to be private. According to Microsoft, they found no indication customer accounts or systems were compromised, and directly notified affected customers.


BlueBleed

Tzah Pahima

Read access of host of AWS internal Cloudformation service via XXE SSRF.
The level of access with the compromised IAM role from there is unclear.


BreakingFormation

Etienne Champetier

An attacker with access to a hostNetwork=true container with CAP_NET_RAW
capability can listen to all the traffic going through the host and inject arbitrary
traffic, allowing to tamper with most unencrypted traffic (HTTP, DNS, DHCP, ...),
and disrupt encrypted traffic. In GKE the host queries the metadata service at
http://169[.]254.169.254 to get information, including the authorized SSH keys.
By manipulating the metadata service responses and injecting our own SSH key, it
is possible to gain root privilege on the host.


GKE and EKS CAP_NET_RAW metadata service MITM root privilege escalation

Nir Ohfeld, Sagi Tzadik

Azure's Cosmos DB database service was vulnerable to remote account takeover.
Any Azure user could gain full admin access to other customers' Cosmos DB instances without authorization.
The vulnerability had a trivial exploit that doesn't require any previous access to the target environment.


ChaosDB

Peter Collins

Executing Cloud Functions in any project and in any organization allows bypassing the GKE Authorized Networks (aka Kubernetes 
control plane firewalls) of a cluster in a different project or organization.


GKE Authorized Networks bypass via Cloud Functions

Ian Mckay

An attacker with the ability to create CloudFormation stacks could cause
a denial-of-service on some CloudFormation actions within a single AWS account.


CloudFormation denial of service (in a single account)

Aidan Steele

CloudFormation allows the use of Lambda-backed resource providers,
wherein Lambda can be used to write custom provisioning logic to be
executed during CloudFormation stack operations. The aforementioned
Lambda functions were executed in an AWS-managed account (thus
effectively allowing arbitrary code execution in that account),
and were passed a set of credentials ("platformCredentials") for a
role in this account that had several EventBridge permissions.
These were sufficient for an attacker to create new rules in the AWS-managed
account that leaked credentials belonging to other users of resource
providers. For example, creating a rule that matched events with
{"detail-type": ["AWS API Call via CloudTrail"]} exposed records
of other tenants' API calls, which included copies of credentials
for roles in other tenants' accounts.


CloudFormation resource provider credentials leak

Karim El-Melhaoui

An audit of an AWS open-source project identified a great deal of issues, and as a result AWS made the decision to take it down.


CloudFormer review

Shir Tamari, Nir Ohfeld, Sagi Tzadik, Ronen Shustin

In GCP's case, they introduced a modification to the Cloud SQL's PostgreSQL engine allowing the role assigned to the
tenant (cloudsqlsuperuser) to arbitrarily change the ownership of a table to any user
or role in the database. Thus, an attacker could (1) create a new table, (2) create an
index function with a malicious payload, and (3) change the table owner to GCP’s superuser
role (cloudsqladmin). Next, by initiating an ANALYZE command, the malicious function is
executed with GCP’s superuser high privileges. Then, an attacker could gain local privilege
escalation to root using a symlink attack, and finally, having gained CAP_NET_ADMIN and
CAP_NET_RAW capabilities, escape their container via TCP injection of a fake configuration
response from the metadata service containing an attacker-controlled SSH key (this is only
possible due to the fact that communication with GCP's metadata service is unencrypted and unsigned).
A similar bug existed in Azure Database for PostgreSQL, and was part of ExtraReplica's vulnerability chain.


Cloud SQL escape to host

When customers attach a CodeBuild project to their VPC, CodeBuild’s build container
will apply the same network routing rules as defined in the customer’s VPC Security Group.
However, CodeBuild EC2 hosts retained Internet connectivity via AWS's own VPC, thus allowing
an attacker to bypass any custom VPC rules the customer had set up, and use CodeBuild for
data exfiltration from the targeted environment. AWS later updated the CodeBuild service
to block all outbound network access for newly created CodeBuild projects which contain a
customer-defined VPC configuration.


Codebuild data exfiltration

Opsmorph discovered an improper access control vulnerability in authorization logic common in applications built on AWS. The vulnerability means a user 
with permission to create a new Cognito User Group could fool authorization checks into thinking that the user is in any other existing Cognito User 
Group in the same User Pool, referred to as user group spoofing. 
When API Gateway is secured with a Cognito User Pool Authorizer it concatenates group names from the identity token into a comma separated string, 
and as Cognito also permits commas in the group names, this was an ambiguous representation of the groups a user was in that provided an opportunity 
for injection type attack. AWS have since fixed the Cognito User Pool Authorizer so that it now escapes special characters when parsing the groups claim
of the token.


Cognito User Group spoofing

Lidor Ben Shitrit, Roee Sagi

Cosmos DB notebooks lacked an authentication check, meaning that if an attacker
somehow had prior knowledge of a notebook’s temporary ‘forwardingId’ (a 128bit
cryptographically random GUID assigned to a short-lived workspace that expires
after an hour), they could gain full permissions on the notebook, including
read and write access and the ability to modify the file system of the
container running the notebook. These permissions would suffice for an
attacker to obtain remote code execution (RCE) in the notebook container.
However, this would not allow an attacker to execute notebooks, automatically
save notebooks in the victim’s (optionally) connected GitHub repository, or
access data in the Cosmos DB account. Following disclosure, Cosmos DB notebooks
now require an authorization token in the request header before allowing access.


CosMiss

Megan Marsh

Attackers had put malicious AMIs in the marketplace to abuse the CLI''s
way of selecting what AMI to use. Although the concept of planting  malicious
AMIs had existed for a while (ex. in the 2009 presentation "Clobbering the clouds"
by Nicholas Arvanitis, Marco Slaviero, and Haroon Meer) it had not been used specifically
to target this issue with the CLI.


Launching EC2s did not require specifying AMI owner

Ronen Shustin

A Vulnerability in App Service could allow an unprivileged function run by the user to execute code in the 
context of NT AUTHORITY\system, thereby escaping the sandbox. This vulnerability allowed cross-account access 
when using the Free/Shared tier.


Azure App Service RCE

Paul Litvak (Intezer), Wouter ter Maat (Offensi)

A vulnerability in the Azure Linux VM extension mechanism allowed an unprivileged
user to leak any Azure VM extension’s private data. An attacker could have abused
this to gain credentials for the VM itself as well as credentials for extensions
associated with the VM. Paired with the design of the VMAccess extension (an official
Azure extension for managing VM credentials), this could have been used to achieve
privilege escalation, as an unprivileged attacker would have been able to elevate themselves
to a higher privileged user by leaking the VMAccess admin password. Additionally, if the VMAccess
password happened to be shared among other Azure VMs, the attacker would have been able to perform
lateral movement to other machines. The root cause of this vulnerability was that the
certificates endpoint used for decrypting extension credentials did not validate transport
certificates, so an attacker could simply issue their own valid transport certificate.
Moreover, although an iptables rule was in place to prevent unprivileged access to this
endpoint, an attacker could bypass it by directing their requests to the Azure IMDS instead,
which happened to be located on the same machine as the certificates endpoint.


Azure Linux VM extension credential leak

David Yesland

If a user with AWS WorkSpaces 3.0.10-3.1.8 installed visits a page in their
web browser with attacker controlled content, the attacker can get zero click
RCE under common circumstances.


AWS Workspace client RCE

Karl Fosaaen

Automation Account 'Run as' credentials (PFX certificates) were being stored
in cleartext, in Azure Active Directory (AAD). These credentials were available
to anyone with the ability to read information about App Registrations (typically
most AAD users).


CredManifest (Azure AD keyCredential property information disclosure)

Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator).
aws-iam-authenticator can be installed on any Kubernetes cluster, and it is installed by default in any EKS cluster both on AWS cloud and on-premises (Amazon EKS Anywhere).
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
The bug allowed an attacker to (1) craft a malicious token with any action value, (2) without signing the cluster ID, (3) that would manipulate the AccessKeyID value.
Essentially, in clusters using aws-iam-authenticator, if an {{AccessKeyID}} was mapped to an IAM user with cluster admin privileges, any non-privileged user could have escalated their privileges to cluster admin.


AWS IAM Authenticator for Kubernetes AccessKeyID Validation Bypass

The AWS VPN Client application is affected by an arbitrary file write as SYSTEM,
which can lead to privilege escalation and an information disclosure vulnerability
that allows the user's Net-NTLMv2 hash to be leaked via a UNC path in a VPN configuration file.


Privilege Escalation to SYSTEM in AWS VPN Client

Azure forces the install of an agent on Linux VMs, which contained a vulnerability that allowed privilege escalation
(note that this vulnerability is different than OMIGOD, which also resided in the OMI agent).


Azure Open Management Infrastructure (OMI) Elevation of Privilege

Matthias Gerstner

The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file,
which would have allowed local attackers to inject Sudo rules and escalate privileges to root.
This could occur in certain situations involving a race condition.


AWS SSM agent local privilege escalation

Aviv Sasson

A vulnerability in Service Fabric allows Linux containers to escalate their privileges in
order to gain root privileges on the node, and then compromise all of the nodes in the cluster.
An attacker would need to have read/write access to the cluster, and the vulnerability could be
exploited on containers that are configured to have runtime access, but this is granted by default
to every container. Though the bug exists in both the Windows and Linux versions, it is only
exploitable on Linux.


FabricScape (CVE-2022-30137) - Azure Service Fabric privilege escalation

James Sebree

The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for
privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed.
Incorrect permissions on the cxprocessserver service's executable directory allowed new files to be
created in it by any user. Since the service ran automatically and with SYSTEM privileges and attempted
to load DLLs from the directory, this allowed for a DLL hijacking / planting attack.


Microsoft Azure Site Recovery DLL hijacking

Service Fabric Explorer (SFX) is a tool for inspecting and managing Azure Service Fabric clusters.
An attacker with existing access to a "Deployer" type user with CreateComposeDeployment permissions
in a given cluster could create a malicious application with a specially-crafted name. This would
lead to client-side template injection (CSTI) and storing a malicious XSS payload in a dashboard
shared between users of the same cluster. If a victim user with administrative permissions logged
into the compromised SFX dashboard and clicked on the aforementioned payload, the attacker could
hijack their permissions to perform a cluster node reset, erasing all customized settings including
passwords and security configurations. This would allow the attacker to create new passwords and
thereby gain full administrator access of the cluster.


FabriXss

Mo Khan

Azure Arc allows customers to connect on-premises Kubernetes clusters to Azure.
This is facilitated by middleware (the Azure Arc-enabled Kubernetes agent) which
includes a "cluster connect" feature in the form of a reverse proxy. A vulnerability
in this feature could allow an unauthenticated user to elevate their privileges
and potentially gain remote administrative control over any Azure Arc-enabled
cluster, as long as they know its randomly generated external DNS endpoint.
Azure Stack Edge devices are also affected, because the service supports
deployment of Kubernetes workloads via Azure Arc.


Azure Arc-enabled Kubernetes privilege escalation

Mike Brancato

Dataflow worker nodes ran an unauthenticated Java Management Extensions (JMX) service that under
certain circumstances would be exposed to the Internet, thus allowing unauthenticated remote code
execution (RCE) as root in an unprivileged container. The impact of the vulnerability depended on
which service account qA assigned to Dataflow worker nodes (by default, that would be the Google
Compute Engine default service account, which has the project-wide Editor role assigned).


Dataflow RCE via unauthenticated JMX service

Ignacio Dominguez

AWS CodeArtifact was susceptible to dependency confusion / substitution (i.e, publication of a
malicious package to a public repository with the same name as an organization’s internal package).
AWS fixed this issue by adding package origin controls, allowing users to limit how versions of a
given package can be added to a CodeArtifact repository.


Dependency confusion in AWS CodeArtifact

Imre Rad

Under certain conditions, an attacker can flood DHCP packets to the victim
VM, allowing it to impersonate the Metadata server, and grant themselves SSH access.


DHCP abuse for code exec

Johann Rehberger

XSS on EC2 web console

Andrea Brancaleoni

While testing rate-limiter protection, The researcher noticed that when forcing HTTP/1 requests and injecting 
a space after `X-Forwarded-For` he was able to override this specific header, letting him impersonate any IP.
Any internal header could have beem overridden, also the one that should not be exposed/forwarded by the
client, such as `CloudFront-Viewer-Country-Region` or any other `CloudFront` enhanced header. 
This special security issue was affecting all AWS users with that a specific setting enabled.


ELB Cache mechanism HTTP header smuggling

Kasif Dekel

Several cloud desktop solutions rely on a 3rd-party library called Eltima SDK to provide
USB over Ethernet capabilities, to allow users to connect and share local devices such as
webcams. SentinelLabs discovered vulnerabilities in Eltima drivers, including proprietary
versions used by several cloud services (among them AWS Workspaces), that would allow
unprivileged users to escalate privileges to kernel mode.


LPE vulnerability in Eltima (3rd-party cloud desktop driver)

Liv Matan

Multiple Azure Web services use a source control management (SCM) panel powered by Kudu and
enabled by default. These services were all susceptible to a CSRF vulnerability due to an
overly-permissive regular expression (regex) in a filter for malformed origins. This allowed
origin bypass when using a domain name structured as 'victim.scm.azurewebsites.net._.attacker.com'
(note the use of '._.', which looks like an emoji). Thus, if a target Azure user were tricked
into visiting a specially crafted webpage served by a domain with the above name format,
an attacker could exploit this CSRF vulnerability to deploy a zip file containing a malicious
payload (such as a webshell) into a target web application (via the /api/zipdeploy endpoint).
This could have allowed the attacker to gain remote code execution (RCE) as the 'www' user
on the target app, and potentially also lateral movement to other Azure services used by
the target organization, depending on what privileges were granted to the app's managed identity.


EmojiDeploy

Thai Duong (thaidn)

AWS KMS and all versions of AWS Encryption SDKs prior to version 2.0.0 were susceptible to
information leakage (an attacker could create ciphertexts that would leak the user’s AWS account ID,
encryption context, user agent, and IP address upon decryption), ciphertext forgery (an attacker could
create ciphertexts that were accepted by other users) and lack of robustness (an attacker could create
ciphertexts that decrypt to different plaintexts for different users).


Encryption SDK vulnerabilities

Sagi Tzadik, Nir Ohfeld, Shir Tamari, Ronen Shustin

A chain of critical vulnerabilities was discovered in Azure Database for PostgreSQL Flexible Server,
allowing unauthorized read access to other customers’ PostgreSQL databases, thus bypassing tenant isolation.
If exploited, a malicious actor could have replicated and gained read access to Azure PostgreSQL Flexible Server customer databases.


ExtraReplica

Sivanesh Ashok

Google Cloud Compute Engine (GCE) was vulnerable to SSH key injection by abusing an SSH-in-browser feature to change username and password.
An attacker could send a specially-crafted link to a target user, and if the victim was logged into GCP and clicked the link,
the attacker's SSH username and password would be added to the target machine, thereby allowing the attacker to log into it.
This was possible because no random token or CSRF protection had been implemented for the abused feature. For this attack to be successful,
an attacker would need to know certain details of the target machine in advance (including the project name, instance zone and instance name),
and the machine would need to be configured to allow SSH connections (which is the default setting), and accept connections from any IP address.


SSH key injection in Google Cloud Compute Engine

Karan Saini, Riyaz Walikar

Cloud Armor has a documented limitation of 8 KB as the maximum size of web
request that it will inspect. The default behavior of Cloud Armor in this case can allow
oversized malicious requests to bypass Cloud Armor and directly reach an underlying application.
Moreover, Cloud Armor does not warn users of this limitation during policy creation
or when configuring rules from within the web UI, and can only find a reference to
the 8 KB limit in the [Cloud Armor documentation](https://cloud.google.com/armor/docs/security-policy-overview).


The Open Cloud Vulnerability
& Security Issue Database

Tags:

Recently published

EmojiDeploy

Liv Matan, Ermetic

Multiple SSRF vulnerablities in Azure services

Lidor Ben Shitrit, Orca Sec...

AWS CloudTrail bypass for specific IAM actions

Nick Frichette, Datadog

SSH key injection in Google Cloud Compute Engine

Sivanesh Ashok

ACSESSED

Emilien Socchi, mnemonic

Azure Serverless Functions escape to host

Aviv Sasson, Daniel Prizman...

The Open Cloud Vulnerability & Security Issue Database

Tags:

Recently published

EmojiDeploy

Liv Matan, Ermetic

Multiple SSRF vulnerablities in Azure services

Lidor Ben Shitrit, Orca Sec...

AWS CloudTrail bypass for specific IAM actions

Nick Frichette, Datadog

SSH key injection in Google Cloud Compute Engine

Sivanesh Ashok

ACSESSED

Emilien Socchi, mnemonic

Azure Serverless Functions escape to host

Aviv Sasson, Daniel Prizman...

The Open Cloud Vulnerability
& Security Issue Database