An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
If a malicious actor with prior access to an AWS environment has permission to modify the S3
Replication Service role access policy, they could abuse cross-account replication to exfiltrate
Wed, Jul 20th, 2022
AWS CodeArtifact was susceptible to dependency confusion / substitution (i.e., publication of a
malicious package to a public repository with the same name as an organization’s internal package).
Thu, Jul 14th, 2022
The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for
privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed.
Tue, Jul 12th, 2022
Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator).
aws-iam-authenticator can be inst...
Mon, Jul 11th, 2022
Azure Web Application Firewall (WAF) with OWASP 3.2 managed rule set and below was
vulnerable to command injection bypass using globbing patterns (incorporating the
wildcard "?" in command syntax)....
Fri, Jul 1st, 2022
A vulnerability in Service Fabric (SF) allows Linux containers to escalate their privileges in
order to gain root privileges on the node, and then compromise all of the nodes in the cluster.
Tue, Jun 28th, 2022