AWS Control Tower was not properly logging to CloudTrail when API calls failed due to a lack of permissions. This could have helped an adversary with existing access to a victim AWS environment avo...
Mon, Mar 20th, 2023
Due to an exposed development endpoint, it was possible to bypass CloudTrail logging for both read and write API actions for the Service Catalog service. This could have enabled adversaries to alte...
Sun, Mar 19th, 2023
For AWS CodeBuild, when using a custom container image stored in ECR and the project service role for the credentials to pull the image, the default IAM policy attached to the role to allow pulli...
Sat, Feb 25th, 2023
Azure Active Directory B2C service (AD B2C) mistakenly implemented RSA key authentication using the public part of the key pair instead of the private one. This cryptographic flaw could have allowe...
Wed, Feb 15th, 2023
AWS applies a rate limit to authentication requests made to the AWS Console in an effort to prevent brute-force and credential stuffing attacks. However, a weakness was discovered in the AWS Consol...
Mon, Feb 6th, 2023
Multiple Azure Web services use a source control management (SCM) panel powered by Kudu and enabled by default. These services were all susceptible to a CSRF vulnerability due to an overly-permissi...
Thu, Jan 19th, 2023