An open project to list all known cloud vulnerabilities and CSP security issues
A vulnerability in Power Platform could lead to unauthorized access to Custom Code functions used for custom connectors, thereby allowing cross-tenant information disclosure of secrets or other sen...
Fri, Aug 4th, 2023
An information disclosure vulnerability in the Google Cloud Build service could have allowed an attacker to view sensitive logs if they had gained prior access to a GCP environment and had permissi...
Tue, Jul 18th, 2023
Descope identified a possible misconfiguration in Azure AD which could lead to misuse of the "Log in with Microsoft" authentication method on a web app. If an application relies on email attribute ...
Tue, Jun 20th, 2023
Orca discovered vulnerabilities in Azure Bastion and Azure Container Registry that could have enabled an attacker to achieve Cross-Site Scripting (XSS) by using iframe postMessages. The vulnerabili...
Wed, Jun 14th, 2023
Binary Security found two vulnerabilities in the legacy Azure Resource Manager (ARM) REST API. The first vulnerability allowed an attacker with Reader access to an Azure Function, acting from a Win...
Mon, Jun 12th, 2023
AWS Directory Service didn't check the iam:PassRole permissions when using the EnableRoleAccess action. This could have been used for privilege escalation by an authenticated user with sufficient p...
Wed, Jun 7th, 2023