An open project to list all known cloud vulnerabilitiesand Cloud Service Provider security issues
A vulnerability discovered in GCP's Cloud SQL service could be abused to result in complete control of the database engine and access to the host OS. An attacker could have listed and accessed file...
Wed, May 24th, 2023
Azure API Management is an API gateway service meant to help organizations to create, manage, secure, and monitor APIs across all of their environments. Researchers found three high severity vulner...
Thu, May 4th, 2023
Google users can find and install third-party OAuth applications from Google Marketplace that are integrated with Google Workspace. Each OAuth application client in Google is associated with a GCP ...
Fri, Apr 21st, 2023
ApsaraDB and AnalyticDB contained several vulnerabilities in their PostgreSQL offerings which ultimately allowed unauthorized access to other tenants' databases and the ability to perform a supply-...
Wed, Apr 19th, 2023
Asset Key Thief was a Google Cloud privilege escalation vulnerability that enabled principals with the "Cloud Asset Viewer" role (or other roles with the `cloudasset.assets.searchAllResources` p...
The API action ListVpcConnectorsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would return the info...
Mon, Apr 3rd, 2023