An open project to list all known cloud vulnerabilitiesand Cloud Service Provider security issues
A vulnerability discovered in GCP's Cloud SQL service could be abused
to result in complete control of the database engine and access to the
host OS. An attacker could have listed and accessed file...
Wed, May 24th, 2023
Azure API Management is an API gateway service meant to help organizations to create, manage, secure,
and monitor APIs across all of their environments. Researchers found three high severity vulner...
Thu, May 4th, 2023
Google users can find and install third-party OAuth applications from Google Marketplace that are integrated with Google Workspace.
Each OAuth application client in Google is associated with a GCP ...
Fri, Apr 21st, 2023
ApsaraDB and AnalyticDB contained several vulnerabilities in their PostgreSQL offerings
which ultimately allowed unauthorized access to other tenants' databases and the ability
to perform a supply-...
Wed, Apr 19th, 2023
Asset Key Thief was a Google Cloud
privilege escalation vulnerability that enabled
principals with the "Cloud Asset Viewer" role (or other roles
with the `cloudasset.assets.searchAllResources` p...
The API action ListVpcConnectorsForAccount did not properly validate the "AccountId" parameter
that was passed to it. As a result, any account ID could be provided and the API would return
Mon, Apr 3rd, 2023