An open project to list all known cloud vulnerabilities and CSP security issues
The AWS Amplify service was found to be misconfiguring IAM roles associated with Amplify projects. This misconfiguration caused these roles to be assumable by any other AWS account. Both the Ampl...
Mon, Apr 15th, 2024
A principal with the permissions glue:GetConnection and ec2:DescribeSubnets can retrieve the database password of a connection, since the password is loaded into the AWS console website when a conn...
Thu, Apr 11th, 2024
A flaw in Amazon Managed Workflows for Apache Airflow (MWAA) could have allowed potential session hijacking and remote code execution. The issue stemmed from a combination of session fixation in th...
Thu, Mar 21st, 2024
When the ASR service is enabled, it uses an Automation Account with a System-Assigned Managed Identity to manage Site Recovery extensions on VMs. However, the Runbook (a set of scripts for managing...
Tue, Feb 13th, 2024
Three privilege escalation and denial-of-service vulnerabilities were discovered in Azure HDInsight, related to its usage of Apache Oozie and Ambari. The root cause of at least one of these vulne...
Tue, Feb 6th, 2024
Azure Pipelines and GitHub Actions allow deployment of runners and agents using VM images sourced from a GitHub-managed repository (github.com/actions/runner-images). This repo was misconfigured to...
Wed, Dec 20th, 2023