The Open Cloud Vulnerability
& Security Issue Database

An open project to list all known cloud vulnerabilitiesand Cloud Service Provider security issues

Search
Tags:
AWSGCPAzureCriticalHigh

Recently published

low

S3 Replication only logs first destination bucket

If a malicious actor with prior access to an AWS environment has permission to modify the S3 Replication Service role access policy, they could abuse cross-account replication to exfiltrate stolen ...

...
Kat Traxler

medium

Dependency confusion in AWS CodeArtifact

AWS CodeArtifact was susceptible to dependency confusion / substitution (i.e, publication of a malicious package to a public repository with the same name as an organization’s internal package). AW...

...
Ignacio Dominguez, Zego

high

Microsoft Azure Site Recovery DLL hijacking

The Microsoft Azure Site Recovery suite contained a DLL hijacking flaw that allowed for privilege escalation from any low privileged user to SYSTEM on hosts where this service was installed. Incorr...

...
James Sebree, Tenable

high

AWS IAM Authenticator for Kubernetes AccessKeyID Validation Bypass

Amazon Elastic Kubernetes Service (EKS) uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for Kubernetes (aws-iam-authenticator). aws-iam-authenticator can be inst...

...
Gafnit Amiga, Lightspin

medium

Azure WAF managed rule set globbing pattern bypass

Azure Web Application Firewall (WAF) with OWASP 3.2 managed rule set and below was vulnerable to command injection bypass using globbing patterns (incorporating the wildcard "?" in command syntax)....

...
Divyanshu Shukla

medium

FabricScape (CVE-2022-30137) - Azure Service Fabric privilege escalation

A vulnerability in Service Fabric (SF allows Linux containers to escalate their privileges in order to gain root privileges on the node, and then compromise all of the nodes in the cluster. The vul...

...
Aviv Sasson, Palo Alto Netw...

View all