high

AttachMe

Published Tue, Sep 20th, 2022

Platforms

Summary

Any unattached storage volume, or attached storage volumes allowing multi-attachment, could have been read from or written to as long as an attacker knew their Oracle Cloud Identifier (OCID), allowing sensitive data to be exfiltrated or even more impactful attacks to be initiated via executable file manipulation in the target tenant's environment.

Affected Services

OCI Volumes

Remediation

None required.

Tracked CVEs

No tracked CVEs

References

https://wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access

Contributed by https://github.com/nirohfeld

Disclosure Date

Thu, Jun 9th, 2022

Exploitablity Period

Known ITW Exploitation

Detection Methods

Piercing Index Rating

Discovered by

Elad Gabay, Wiz

More vulnerabilities...

medium

Synapse Spark LPE

Azure Synapse Analytics is an analytics service for processing data using various runtimes, among them Apache Spark. Synapse provided users the capability to mount Azure File Shares to their Apache...

Tzah Pahima, Orca Security

Thu, Sep 1st, 2022

medium

SNS SigningCertUrl improper validation

Amazon SNS' signature validation in the official SDK relied on a weak regex for default AWS certificate locations, that would incorrectly match an S3 bucket named `sns`. This bucket happened to be...

Eugene Lim

Fri, Aug 19th, 2022

medium

Cloud SQL escape to host

In GCP's case, they introduced a modification to the Cloud SQL's PostgreSQL engine allowing the role assigned to the tenant (cloudsqlsuperuser) to arbitrarily change the ownership of a table to any...

Shir Tamari, Nir Ohfeld, Sa...

Thu, Aug 11th, 2022

View all