An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
Multiple Azure Web services use a source control management (SCM) panel powered by Kudu and enabled by default. These services were all susceptible to a CSRF vulnerability due to an overly-permissi...
Thu, Jan 19th, 2023
SSRF vulnerabilities were discovered in four Azure services: unauthenticated SSRF in Azure Digital Twins Explorer and Azure Functions, and authenticated SSRF in Azure API Management Service and Azu...
Tue, Jan 17th, 2023
Through an undocumented API service called 'iamadmin', attackers could invoke any of 13 read-only IAM actions without the activity being logged to CloudTrail. These actions included listing g...
Google Cloud Compute Engine (GCE) was vulnerable to SSH key injection by abusing an SSH-in-browser feature to change username and password. An attacker could send a specially-crafted link to a targ...
Thu, Jan 12th, 2023
Azure Cognitive Search (ACS) is a full-text search engine service. A new non-default feature allowed a network control to be bypassed, permitting an attacker to submit search queries to any other ...
Thu, Dec 22nd, 2022
In Azure Serverless Functions, a new container is generated by the host for every function, which is then terminated and deleted after several minutes. Palo Alto discovered that an API call was ava...
Thu, Dec 15th, 2022