medium

Azure Cloud Shell terminal escape

Published Wed, Jan 9th, 2019

Platforms

Summary

If attacker controlled data is viewed in Cloudshell it could have led to code execution. This exact same issue was later discovered in AWS as well.

Affected Services

Cloudshell

Remediation

None required

Tracked CVEs

No tracked CVEs

References

https://twitter.com/_fel1x/status/1083085715565621250

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Wed, Jan 9th, 2019

Exploitability Period

Known ITW Exploitation

Detection Methods

None

Piercing Index Rating

Discovered by

Felix Wilhelm, Google

More vulnerabilities...

low

Resource policy confused deputy issue with services

Resource policies lacked a way of restricting service access to only your own account, allowing an attacker to leverage a service to potentially access your resources. Originally discovered by Dan ...

Dan Peebles, BridgewaterNov 28, 2018

medium

Launching EC2s did not require specifying AMI owner

Attackers had put malicious AMIs in the marketplace to abuse the CLI''s way of selecting what AMI to use. Although the concept of planting malicious AMIs had existed for a while (ex. in the 2009 p...

Megan MarshAug 13, 2018

low

Subdomain takeover via Azure Traffic Manager

Patrick Hudak demonstrated possible subdomain takeover using the Traffic Manager in Azure.

Patrick HudakAug 10, 2018

View all