An open project to list all known cloud vulnerabilities and CSP security issues
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project, in a way that isn't properly documented. The Document AI service agent is auto-assigned wi...
Mon, Sep 16th, 2024
Google Cloud Composer is a managed service for Apache Airflow. Tenable discovered that the Cloud Composer package was vulnerable to dependency confusion, which could have allowed attackers to injec...
Tue, Aug 20th, 2024
Tue, Aug 13th, 2024
GCP administrators face challenges in managing HMAC keys within their organizations, lacking visibility into which user accounts have generated these keys and whether they are actively being used...
Mon, Jun 17th, 2024
Cloud Audit Logs do not capture actions mediated through the cloud console private API service (cloudconsole-pa). Consequently, there is no logging of HMAC key creation or deletion linked to user...