The Open Cloud Vulnerability
& Security Issue Database

An open project to list all known cloud vulnerabilitiesand Cloud Service Provider security issues

Search
Tags:

Recently published

high

Cloud SQL privilege escalation

A vulnerability discovered in GCP's Cloud SQL service could be abused to result in complete control of the database engine and access to the host OS. An attacker could have listed and accessed file...

...
Dig

high

API Management SSRF and path traversal vulnerabilities

Azure API Management is an API gateway service meant to help organizations to create, manage, secure, and monitor APIs across all of their environments. Researchers found three high severity vulner...

...
Liv Matan, Ermetic

medium

GhostToken

Google users can find and install third-party OAuth applications from Google Marketplace that are integrated with Google Workspace. Each OAuth application client in Google is associated with a GCP ...

...
Astrix Security

critical

BrokenSesame

ApsaraDB and AnalyticDB contained several vulnerabilities in their PostgreSQL offerings which ultimately allowed unauthorized access to other tenants' databases and the ability to perform a supply-...

...
Ronen Shustin, Shir Tamari,...

medium

Asset Key Thief

Asset Key Thief was a Google Cloud privilege escalation vulnerability that enabled principals with the "Cloud Asset Viewer" role (or other roles with the `cloudasset.assets.searchAllResources` p...

...
Jackson Reid, SADA

low

App Runner cross-tenant VPC connectors info leak

The API action ListVpcConnectorsForAccount did not properly validate the "AccountId" parameter that was passed to it. As a result, any account ID could be provided and the API would return the info...

...
Nick Frichette

View all