Hell's Keychain

Published Thu, Dec 1st, 2022


IBM Cloud Databases for PostgreSQL was vulnerable to an attack chain that combined PostgreSQL privilege escalation via SQL injection with three secrets scattered across the service environment: a K8s service account token, a private container registry password, and CI/CD server credentials. These secrets were abusable because network access to internal build servers was overly permissive. A malicious actor could have exploited this vulnerability to remotely execute code in other customers' environments in order to read and modify data stored in their PostgreSQL databases.

Affected Services

IBM Cloud Databases


None required.

Tracked CVEs

No tracked CVEs


Disclosure Date
Thu, Aug 25th, 2022
Exploitability Period
Known ITW Exploitation
Detection Methods
Piercing Index Rating
Discovered by
Ronen Shustin, Shir Tamari, Wiz