The Open Cloud Vulnerability and Security Issue Database

The Open Cloud Vulnerability and Security Issue Database https://www.cloudvulndb.org An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues. Sun, 10 May 2026 10:27:02 GMT https://validator.w3.org/feed/docs/rss2.html https://github.com/jpmonette/feed The Open Cloud Vulnerability and Security Issue Database https://www.cloudvulndb.org/rss_feed_logo.png https://www.cloudvulndb.org <![CDATA[Entra ID actor token validation bug allowing cross-tenant global admin]]> https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens Wed, 17 Sep 2025 00:00:00 GMT <![CDATA[Dataform cross-tenant path traversal]]> https://www.cloudvulndb.org/dataform-path-traversal https://www.cloudvulndb.org/dataform-path-traversal Thu, 21 Aug 2025 00:00:00 GMT <![CDATA[AWS ECS Agent Information Disclosure Vulnerability]]> https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability Thu, 14 Aug 2025 00:00:00 GMT <![CDATA[Remote Prompt Injection in GitLab Duo Leaks Source Code]]> https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak Thu, 22 May 2025 00:00:00 GMT <![CDATA[AWS Security Tool Introduces Privilege Escalation Risk]]> https://www.cloudvulndb.org/aws-security-tool-risk https://www.cloudvulndb.org/aws-security-tool-risk Mon, 19 May 2025 00:00:00 GMT <![CDATA[FreeRTOS and coreSNTP Security Advisories]]> https://www.cloudvulndb.org/freertos-coresntp-advisories https://www.cloudvulndb.org/freertos-coresntp-advisories Sat, 10 May 2025 00:00:00 GMT <![CDATA[Azure AZNFS-mount Utility Root Privilege Escalation]]> https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation Tue, 06 May 2025 00:00:00 GMT <![CDATA[AWS Default Roles Can Lead to Service Takeover]]> https://www.cloudvulndb.org/aws-default-roles-service-takeover https://www.cloudvulndb.org/aws-default-roles-service-takeover Tue, 29 Apr 2025 00:00:00 GMT <![CDATA[Google Cloud ConfusedComposer Privilege Escalation Vulnerability]]> https://www.cloudvulndb.org/gcp-confused-composer-vulnerability https://www.cloudvulndb.org/gcp-confused-composer-vulnerability Tue, 22 Apr 2025 00:00:00 GMT <![CDATA[Burning Data with Malicious Firewall Rules in Azure SQL]]> https://www.cloudvulndb.org/burning-data-azure-sql-firewall https://www.cloudvulndb.org/burning-data-azure-sql-firewall Tue, 15 Apr 2025 00:00:00 GMT <![CDATA[Path Traversal in AWS SSM Agent Plugin ID Validation]]> https://www.cloudvulndb.org/aws-ssm-agent-path-traversal https://www.cloudvulndb.org/aws-ssm-agent-path-traversal Wed, 09 Apr 2025 00:00:00 GMT <![CDATA[ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run]]> https://www.cloudvulndb.org/imagerunner https://www.cloudvulndb.org/imagerunner Tue, 01 Apr 2025 00:00:00 GMT <![CDATA[CodeQLEAKED - CodeQL Supply Chain Attack via Exposed Secret]]> https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret https://www.cloudvulndb.org/codeql-supply-chain-attack-exposed-secret Wed, 26 Mar 2025 00:00:00 GMT <![CDATA[Entra ID Bug Creates Immutable Users]]> https://www.cloudvulndb.org/entra-id-immutable-users-bug https://www.cloudvulndb.org/entra-id-immutable-users-bug Tue, 25 Mar 2025 00:00:00 GMT <![CDATA[AWS CDK CLI Issue with Custom Credential Plugins]]> https://www.cloudvulndb.org/aws-cdk-cli-credential-plugin-issue https://www.cloudvulndb.org/aws-cdk-cli-credential-plugin-issue Fri, 21 Mar 2025 00:00:00 GMT <![CDATA[Azure API Connections Expose Backend Secrets]]> https://www.cloudvulndb.org/azure-api-connections-secrets https://www.cloudvulndb.org/azure-api-connections-secrets Mon, 10 Mar 2025 00:00:00 GMT <![CDATA[Issue with AWS Temporary Elevated Access Management]]> https://www.cloudvulndb.org/aws-team-cve-2025-1969 https://www.cloudvulndb.org/aws-team-cve-2025-1969 Tue, 04 Mar 2025 00:00:00 GMT <![CDATA[Silent Reaper (Azure LogicApp Secrets Control Plane Exfiltration)]]> https://www.cloudvulndb.org/azure-logic-apps-secrets-control-plane-exfiltration https://www.cloudvulndb.org/azure-logic-apps-secrets-control-plane-exfiltration Wed, 26 Feb 2025 00:00:00 GMT <![CDATA[Vault Recon (Azure KeyVault Secrets Metadata Control Plane Exfiltration)]]> https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration https://www.cloudvulndb.org/azure-vault-recon-keyvault-secret-metadata-control-plane-exfiltration Wed, 26 Feb 2025 00:00:00 GMT <![CDATA[AWS EKS Logged ServiceAccount Tokens in Plaintext]]> https://www.cloudvulndb.org/eks-logged-serviceaccount-tokens-plaintext https://www.cloudvulndb.org/eks-logged-serviceaccount-tokens-plaintext Wed, 26 Feb 2025 00:00:00 GMT <![CDATA[Abusing AWS Serverless Image Handler Configuration Weakness]]> https://www.cloudvulndb.org/aws-serverless-image-handler-weakness https://www.cloudvulndb.org/aws-serverless-image-handler-weakness Wed, 19 Feb 2025 00:00:00 GMT <![CDATA[Entra ID Allows Users to Update Principal Names]]> https://www.cloudvulndb.org/entra-id-upn-update-flaw https://www.cloudvulndb.org/entra-id-upn-update-flaw Fri, 24 Jan 2025 00:00:00 GMT <![CDATA[AWS Sign-in IAM User Login Flow Username Enumeration]]> https://www.cloudvulndb.org/aws-iam-login-username-enumeration https://www.cloudvulndb.org/aws-iam-login-username-enumeration Thu, 23 Jan 2025 00:00:00 GMT <![CDATA[Finding SSRFs in Azure DevOps]]> https://www.cloudvulndb.org/ssrfs-azure-devops https://www.cloudvulndb.org/ssrfs-azure-devops Fri, 17 Jan 2025 00:00:00 GMT <![CDATA[CloudWatch Dashboard Sharing Exposes EC2 Tags]]> https://www.cloudvulndb.org/cloudwatch-dashboard-sharing-exposes-tags https://www.cloudvulndb.org/cloudwatch-dashboard-sharing-exposes-tags Thu, 16 Jan 2025 00:00:00 GMT <![CDATA[Issue with Amazon WorkSpaces and AppStream 2.0 Clients]]> https://www.cloudvulndb.org/amazon-workspaces-appstream-vulnerability https://www.cloudvulndb.org/amazon-workspaces-appstream-vulnerability Wed, 15 Jan 2025 00:00:00 GMT <![CDATA[Hijacking Azure Machine Learning Notebooks]]> https://www.cloudvulndb.org/azure-ml-notebook-hijacking https://www.cloudvulndb.org/azure-ml-notebook-hijacking Wed, 08 Jan 2025 00:00:00 GMT <![CDATA[AWS Neuron SDK Dependency Confusion Vulnerability Recurs]]> https://www.cloudvulndb.org/aws-neuron-sdk-dependency-confusion https://www.cloudvulndb.org/aws-neuron-sdk-dependency-confusion Sun, 29 Dec 2024 00:00:00 GMT <![CDATA[Dirty DAG - Azure Apache Airflow Integration Vulnerabilities]]> https://www.cloudvulndb.org/azure-airflow-vulnerabilities https://www.cloudvulndb.org/azure-airflow-vulnerabilities Mon, 16 Dec 2024 00:00:00 GMT <![CDATA[Bedrock API Logging Issue]]> https://www.cloudvulndb.org/bedrock-api-logging-issue https://www.cloudvulndb.org/bedrock-api-logging-issue Thu, 12 Dec 2024 00:00:00 GMT <![CDATA[Code Execution in Azure API Management Developer Portal]]> https://www.cloudvulndb.org/azure-api-management-dev-portal-rce https://www.cloudvulndb.org/azure-api-management-dev-portal-rce Wed, 11 Dec 2024 00:00:00 GMT <![CDATA[ModeLeak: LLM Model Exfiltration Vulnerability in Vertex AI]]> https://www.cloudvulndb.org/gcp-vertexai-vulnerabilities https://www.cloudvulndb.org/gcp-vertexai-vulnerabilities Tue, 12 Nov 2024 00:00:00 GMT <![CDATA[Sketchy Cheat Sheet]]> https://www.cloudvulndb.org/cloud-architecture-tool-vulnerabilities https://www.cloudvulndb.org/cloud-architecture-tool-vulnerabilities Sat, 09 Nov 2024 00:00:00 GMT <![CDATA[Issue with data.all Framework Multiple CVEs]]> https://www.cloudvulndb.org/data-all-framework-cves https://www.cloudvulndb.org/data-all-framework-cves Fri, 08 Nov 2024 00:00:00 GMT <![CDATA[Confused Deputy Vulnerability in Amazon DataZone]]> https://www.cloudvulndb.org/datazone-confused-deputy-vulnerability https://www.cloudvulndb.org/datazone-confused-deputy-vulnerability Fri, 01 Nov 2024 00:00:00 GMT <![CDATA[Repo swatting attack deletes/blocks GitHub and GitLab accounts]]> https://www.cloudvulndb.org/repo-swatting-attack-deletes-github-gitlab-accounts https://www.cloudvulndb.org/repo-swatting-attack-deletes-github-gitlab-accounts Fri, 01 Nov 2024 00:00:00 GMT <![CDATA[AWS CDK Bucket Squatting Risk]]> https://www.cloudvulndb.org/aws-cdk-squatting https://www.cloudvulndb.org/aws-cdk-squatting Thu, 24 Oct 2024 00:00:00 GMT <![CDATA[Missing JWT issuer and signer validation in ALB middleware]]> https://www.cloudvulndb.org/missing-jwt-issuer https://www.cloudvulndb.org/missing-jwt-issuer Mon, 21 Oct 2024 00:00:00 GMT <![CDATA[CloudShell Vulnerability Grants Unintended AWS Access]]> https://www.cloudvulndb.org/cloudshell-aws-access-vulnerability https://www.cloudvulndb.org/cloudshell-aws-access-vulnerability Tue, 15 Oct 2024 00:00:00 GMT <![CDATA[Data exfil via VPC endpoint denials in CloudTrail]]> https://www.cloudvulndb.org/vpc-endpoint-log-data-exfil https://www.cloudvulndb.org/vpc-endpoint-log-data-exfil Tue, 15 Oct 2024 00:00:00 GMT <![CDATA[Subdomain Takeover Vulnerability in GitLab Pages]]> https://www.cloudvulndb.org/subdomain-takeover-vulnerability-gitlab-pages https://www.cloudvulndb.org/subdomain-takeover-vulnerability-gitlab-pages Wed, 09 Oct 2024 00:00:00 GMT <![CDATA[Google Cloud Data Fusion GitHub Actions Vulnerabilities]]> https://www.cloudvulndb.org/data-fusion-github-actions-vulns https://www.cloudvulndb.org/data-fusion-github-actions-vulns Thu, 26 Sep 2024 00:00:00 GMT <![CDATA[CloudImposer]]> https://www.cloudvulndb.org/cloudimposer-gcp https://www.cloudvulndb.org/cloudimposer-gcp Mon, 16 Sep 2024 00:00:00 GMT <![CDATA[Document AI data exfiltration]]> https://www.cloudvulndb.org/gcp-document-ai-data-exfil https://www.cloudvulndb.org/gcp-document-ai-data-exfil Mon, 16 Sep 2024 00:00:00 GMT <![CDATA[Escalating from Reader to Contributor in Azure API Management]]> https://www.cloudvulndb.org/azure-apim-reader-contributor-escalation https://www.cloudvulndb.org/azure-apim-reader-contributor-escalation Fri, 13 Sep 2024 00:00:00 GMT <![CDATA[Security Flaw in AWS Transit Gateway Peering Attachments]]> https://www.cloudvulndb.org/aws-transit-gateway-peering-flaw https://www.cloudvulndb.org/aws-transit-gateway-peering-flaw Thu, 12 Sep 2024 00:00:00 GMT <![CDATA[Copilot Studio information disclosure via SSRF]]> https://www.cloudvulndb.org/copilot-studio-infoleak-ssrf https://www.cloudvulndb.org/copilot-studio-infoleak-ssrf Tue, 20 Aug 2024 00:00:00 GMT <![CDATA[WireServing Up Credentials in Azure Kubernetes Services]]> https://www.cloudvulndb.org/wireserving-credentials-azure-kubernetes https://www.cloudvulndb.org/wireserving-credentials-azure-kubernetes Mon, 19 Aug 2024 00:00:00 GMT <![CDATA[AWS Direct Connect route injection issue]]> https://www.cloudvulndb.org/aws-direct-connect-route-injection https://www.cloudvulndb.org/aws-direct-connect-route-injection Thu, 15 Aug 2024 00:00:00 GMT <![CDATA[Azue Health privilege escalation via SSRF]]> https://www.cloudvulndb.org/azure-health-pe-ssrf https://www.cloudvulndb.org/azure-health-pe-ssrf Tue, 13 Aug 2024 00:00:00 GMT <![CDATA[Bucket Monopoly Attack on AWS Services]]> https://www.cloudvulndb.org/bucket-monopoly-aws-attack https://www.cloudvulndb.org/bucket-monopoly-aws-attack Wed, 07 Aug 2024 00:00:00 GMT <![CDATA[Privilege Elevation Vulnerability in Entra ID]]> https://www.cloudvulndb.org/entra-id-privilege-elevation https://www.cloudvulndb.org/entra-id-privilege-elevation Wed, 07 Aug 2024 00:00:00 GMT <![CDATA[GCP Cloud Functions Privilege Escalation Vulnerability]]> https://www.cloudvulndb.org/gcp-cloud-functions-privilege-escalation-vulnerability https://www.cloudvulndb.org/gcp-cloud-functions-privilege-escalation-vulnerability Wed, 24 Jul 2024 00:00:00 GMT <![CDATA[AWS Client VPN buffer overflow]]> https://www.cloudvulndb.org/aws-client-vpn-buffer-overflow https://www.cloudvulndb.org/aws-client-vpn-buffer-overflow Tue, 16 Jul 2024 00:00:00 GMT <![CDATA[Unauthorized Access to AWS Account Findings in Microsoft Defender for Cloud]]> https://www.cloudvulndb.org/mdc-aws-findings-disclosure https://www.cloudvulndb.org/mdc-aws-findings-disclosure Mon, 15 Jul 2024 00:00:00 GMT <![CDATA[Azure Machine Learning SSRF]]> https://www.cloudvulndb.org/azure-ml-ssrf-pt https://www.cloudvulndb.org/azure-ml-ssrf-pt Mon, 17 Jun 2024 00:00:00 GMT <![CDATA[GCP HMAC Keys do not log creation, deletion or usage]]> https://www.cloudvulndb.org/gcp-hmac-keys-insufficient-logging https://www.cloudvulndb.org/gcp-hmac-keys-insufficient-logging Mon, 17 Jun 2024 00:00:00 GMT <![CDATA[GCP HMAC Keys are not discoverable or revokable other than for self]]> https://www.cloudvulndb.org/gcp-hmac-keys-unauditable https://www.cloudvulndb.org/gcp-hmac-keys-unauditable Mon, 17 Jun 2024 00:00:00 GMT <![CDATA[GitHub Copilot Chat Vulnerable to Data Exfiltration]]> https://www.cloudvulndb.org/github-copilot-chat-data-exfiltration https://www.cloudvulndb.org/github-copilot-chat-data-exfiltration Fri, 14 Jun 2024 00:00:00 GMT <![CDATA[Issue with AWS Deployment Framework]]> https://www.cloudvulndb.org/aws-deployment-framework-issue https://www.cloudvulndb.org/aws-deployment-framework-issue Tue, 11 Jun 2024 00:00:00 GMT <![CDATA[Issue with Amazon EC2 VM Import Export Service]]> https://www.cloudvulndb.org/ec2-vm-import-export-issue https://www.cloudvulndb.org/ec2-vm-import-export-issue Tue, 11 Jun 2024 00:00:00 GMT <![CDATA[Abusing Service Tags to Bypass Azure Firewall Rules]]> https://www.cloudvulndb.org/azure-firewall-bypass https://www.cloudvulndb.org/azure-firewall-bypass Mon, 03 Jun 2024 00:00:00 GMT <![CDATA[Non-Production AWS Endpoints as Attack Surface]]> https://www.cloudvulndb.org/aws-non-production-endpoints-attack https://www.cloudvulndb.org/aws-non-production-endpoints-attack Tue, 28 May 2024 00:00:00 GMT <![CDATA[Internal Azure Container Registry writable via exposed secret]]> https://www.cloudvulndb.org/azure-internal-acr-secret https://www.cloudvulndb.org/azure-internal-acr-secret Thu, 16 May 2024 00:00:00 GMT <![CDATA[Lethal Injection]]> https://www.cloudvulndb.org/lethal-injection https://www.cloudvulndb.org/lethal-injection Tue, 07 May 2024 00:00:00 GMT <![CDATA[GraphNinja]]> https://www.cloudvulndb.org/graph-ninja https://www.cloudvulndb.org/graph-ninja Mon, 29 Apr 2024 00:00:00 GMT <![CDATA[Azure tenant takeover via Microsoft application]]> https://www.cloudvulndb.org/azure-tenant-takeover-microsoft-application https://www.cloudvulndb.org/azure-tenant-takeover-microsoft-application Fri, 26 Apr 2024 00:00:00 GMT <![CDATA[AWS Amplify IAM role publicly assumable exposure]]> https://www.cloudvulndb.org/aws-amplify-iam-role-publicly-assumable-exposure https://www.cloudvulndb.org/aws-amplify-iam-role-publicly-assumable-exposure Mon, 15 Apr 2024 00:00:00 GMT <![CDATA[AWS Glue database password leakage]]> https://www.cloudvulndb.org/aws-glue-database-password-leakage https://www.cloudvulndb.org/aws-glue-database-password-leakage Thu, 11 Apr 2024 00:00:00 GMT <![CDATA[AWS IAM Trust Policy Condition Evaluation Bug]]> https://www.cloudvulndb.org/aws-iam-trust-policy-condition-evaluation-bug https://www.cloudvulndb.org/aws-iam-trust-policy-condition-evaluation-bug Tue, 09 Apr 2024 00:00:00 GMT <![CDATA[Bazel supply chain vulnerability]]> https://www.cloudvulndb.org/bazel_supply_chain https://www.cloudvulndb.org/bazel_supply_chain Wed, 03 Apr 2024 00:00:00 GMT <![CDATA[Critical GitLab Account Takeover Vulnerability]]> https://www.cloudvulndb.org/critical-gitlab-account-takeover-vulnerability https://www.cloudvulndb.org/critical-gitlab-account-takeover-vulnerability Wed, 03 Apr 2024 00:00:00 GMT <![CDATA[Flaw in Bedrock's Foundation Model Access Control]]> https://www.cloudvulndb.org/bedrock-access-control-flaw https://www.cloudvulndb.org/bedrock-access-control-flaw Wed, 27 Mar 2024 00:00:00 GMT <![CDATA[IAM Policy Flaw Allowed Unauthorized Access to Bedrock Models]]> https://www.cloudvulndb.org/bedrock-models-iam-flaw https://www.cloudvulndb.org/bedrock-models-iam-flaw Sun, 24 Mar 2024 00:00:00 GMT <![CDATA[FlowFixation]]> https://www.cloudvulndb.org/flowfixation https://www.cloudvulndb.org/flowfixation Thu, 21 Mar 2024 00:00:00 GMT <![CDATA[Synapse Analytics privilege escalation via intelligent caching]]> https://www.cloudvulndb.org/synapse-vegas-lpe https://www.cloudvulndb.org/synapse-vegas-lpe Thu, 07 Mar 2024 00:00:00 GMT <![CDATA[Azure Site Recovery privilege escalation]]> https://www.cloudvulndb.org/azure-site-recovery-pe https://www.cloudvulndb.org/azure-site-recovery-pe Tue, 13 Feb 2024 00:00:00 GMT <![CDATA[Azure HDInsight privilege escalation and DoS vulnerabilities]]> https://www.cloudvulndb.org/azure-hdinsight-dos https://www.cloudvulndb.org/azure-hdinsight-dos Tue, 06 Feb 2024 00:00:00 GMT <![CDATA[Azure Devops Zero-Click CI/CD Vulnerability]]> https://www.cloudvulndb.org/azure-devops-zero-click https://www.cloudvulndb.org/azure-devops-zero-click Wed, 31 Jan 2024 00:00:00 GMT <![CDATA[Google Cloud GKE Unsecure Sys:All Binding]]> https://www.cloudvulndb.org/gcp-gke-sys-all https://www.cloudvulndb.org/gcp-gke-sys-all Wed, 24 Jan 2024 00:00:00 GMT <![CDATA[Amazon Q for Business Data Exfiltration]]> https://www.cloudvulndb.org/aws-amazon-q-data-exfil https://www.cloudvulndb.org/aws-amazon-q-data-exfil Thu, 18 Jan 2024 00:00:00 GMT <![CDATA[Microsoft Healthcare Chatbot Vulnerabilities]]> https://www.cloudvulndb.org/microsoft-healthcare-chatbot-vulnerabilities https://www.cloudvulndb.org/microsoft-healthcare-chatbot-vulnerabilities Mon, 01 Jan 2024 00:00:00 GMT <![CDATA[Amazon Cognito Rate Limit Bypass Vulnerability]]> https://www.cloudvulndb.org/cognito-rate-limit-bypass https://www.cloudvulndb.org/cognito-rate-limit-bypass Wed, 27 Dec 2023 00:00:00 GMT <![CDATA[Data Exfiltration Through CloudTrail]]> https://www.cloudvulndb.org/cloudtrail-data-exfiltration https://www.cloudvulndb.org/cloudtrail-data-exfiltration Wed, 20 Dec 2023 00:00:00 GMT <![CDATA[Poisoning GitHub's Runner Images Supply Chain Attack]]> https://www.cloudvulndb.org/github-runner-images-supply-chain https://www.cloudvulndb.org/github-runner-images-supply-chain Wed, 20 Dec 2023 00:00:00 GMT <![CDATA[Azure Pipelines Agent poisoned pipeline execution]]> https://www.cloudvulndb.org/pipelines-agent-ppe https://www.cloudvulndb.org/pipelines-agent-ppe Wed, 20 Dec 2023 00:00:00 GMT <![CDATA[AWS IAM Identity Center Expiry]]> https://www.cloudvulndb.org/aws-iam-identity-center-expiry https://www.cloudvulndb.org/aws-iam-identity-center-expiry Tue, 19 Dec 2023 00:00:00 GMT 24 hours had passed. ]]> 24 hours had passed. ]]> <![CDATA[Google OAuth Vulnerability Allows Indefinite Access]]> https://www.cloudvulndb.org/google-oauth-vulnerability-indefinite-access https://www.cloudvulndb.org/google-oauth-vulnerability-indefinite-access Fri, 15 Dec 2023 00:00:00 GMT <![CDATA[Control plane bypass in Azure OpenAI]]> https://www.cloudvulndb.org/azure-openai-control-bypass https://www.cloudvulndb.org/azure-openai-control-bypass Tue, 12 Dec 2023 00:00:00 GMT <![CDATA[Google Workspace Domain-Wide Delegation Flaw]]> https://www.cloudvulndb.org/google-workspace-domain-wide-delegation-risk https://www.cloudvulndb.org/google-workspace-domain-wide-delegation-risk Thu, 30 Nov 2023 00:00:00 GMT <![CDATA[Extracting Managed Identity Credentials from Azure Functions]]> https://www.cloudvulndb.org/azure-function-credential-extraction https://www.cloudvulndb.org/azure-function-credential-extraction Thu, 16 Nov 2023 00:00:00 GMT <![CDATA[Azure CLI Leaks Credentials in GitHub Actions Logs]]> https://www.cloudvulndb.org/azure-cli-credential-leak https://www.cloudvulndb.org/azure-cli-credential-leak Tue, 14 Nov 2023 00:00:00 GMT <![CDATA[CLI Tools Leak Credentials in GitHub Actions Logs]]> https://www.cloudvulndb.org/cli-tools-leak-credentials-github-actions-logs https://www.cloudvulndb.org/cli-tools-leak-credentials-github-actions-logs Tue, 14 Nov 2023 00:00:00 GMT <![CDATA[Azure Automation Service Used for Cryptocurrency Mining]]> https://www.cloudvulndb.org/azure-automation-crypto-mining https://www.cloudvulndb.org/azure-automation-crypto-mining Wed, 08 Nov 2023 00:00:00 GMT <![CDATA[AWS AppFlow secrets disclosure]]> https://www.cloudvulndb.org/aws-appflow-secrets-disclosure https://www.cloudvulndb.org/aws-appflow-secrets-disclosure Mon, 06 Nov 2023 00:00:00 GMT <![CDATA[AWS AppFlow WooCommerce SSRF]]> https://www.cloudvulndb.org/aws-appflow-woocommerce-ssrf https://www.cloudvulndb.org/aws-appflow-woocommerce-ssrf Mon, 06 Nov 2023 00:00:00 GMT <![CDATA[Hacking Google Bard via Prompt Injection]]> https://www.cloudvulndb.org/google-bard-prompt-injection https://www.cloudvulndb.org/google-bard-prompt-injection Fri, 03 Nov 2023 00:00:00 GMT <![CDATA[ApatchMe]]> https://www.cloudvulndb.org/apatchme https://www.cloudvulndb.org/apatchme Thu, 02 Nov 2023 00:00:00 GMT <![CDATA[Azure AI Playground data exfiltration]]> https://www.cloudvulndb.org/azure-ai-playground-data-exfil https://www.cloudvulndb.org/azure-ai-playground-data-exfil Thu, 19 Oct 2023 00:00:00 GMT <![CDATA[Vertex AI Studio data exfiltration]]> https://www.cloudvulndb.org/gcp-vertex-ai-data-exfil https://www.cloudvulndb.org/gcp-vertex-ai-data-exfil Thu, 19 Oct 2023 00:00:00 GMT <![CDATA[Amazon WorkSpaces Windows client credential logging]]> https://www.cloudvulndb.org/aws-2023-010 https://www.cloudvulndb.org/aws-2023-010 Fri, 06 Oct 2023 00:00:00 GMT <![CDATA[AWS API Gateway Header Smuggling and Cache Confusion]]> https://www.cloudvulndb.org/aws-api-gateway-header-smuggling https://www.cloudvulndb.org/aws-api-gateway-header-smuggling Tue, 19 Sep 2023 00:00:00 GMT <![CDATA[Chronicle cross-customer bucket access]]> https://www.cloudvulndb.org/gcp-chronicle-cross-customer-bucket-access https://www.cloudvulndb.org/gcp-chronicle-cross-customer-bucket-access Tue, 19 Sep 2023 00:00:00 GMT <![CDATA[AWS AppStream Cloudtrail Bypass]]> https://www.cloudvulndb.org/aws-appstream-cloudtrail-bypass https://www.cloudvulndb.org/aws-appstream-cloudtrail-bypass Mon, 11 Sep 2023 00:00:00 GMT <![CDATA[Power Platform Privilege Escalation in Azure AD]]> https://www.cloudvulndb.org/power-platform-privilege-escalation https://www.cloudvulndb.org/power-platform-privilege-escalation Thu, 24 Aug 2023 00:00:00 GMT <![CDATA[Power Platform Custom Code information disclosure]]> https://www.cloudvulndb.org/power-platform-info-leak https://www.cloudvulndb.org/power-platform-info-leak Fri, 04 Aug 2023 00:00:00 GMT <![CDATA[Bad.Build]]> https://www.cloudvulndb.org/badbuild https://www.cloudvulndb.org/badbuild Tue, 18 Jul 2023 00:00:00 GMT <![CDATA[Azure Front Door client-side desync]]> https://www.cloudvulndb.org/azure-front-door-desync https://www.cloudvulndb.org/azure-front-door-desync Tue, 27 Jun 2023 00:00:00 GMT <![CDATA[Critical Authentication Bypass in Google Cloud API Gateway]]> https://www.cloudvulndb.org/google-cloud-api-gateway-bypass https://www.cloudvulndb.org/google-cloud-api-gateway-bypass Wed, 21 Jun 2023 00:00:00 GMT <![CDATA[nOAuth]]> https://www.cloudvulndb.org/noauth https://www.cloudvulndb.org/noauth Tue, 20 Jun 2023 00:00:00 GMT <![CDATA[XSS in Azure Bastion and Container Registry]]> https://www.cloudvulndb.org/bastion-container-reg-xss https://www.cloudvulndb.org/bastion-container-reg-xss Wed, 14 Jun 2023 00:00:00 GMT <![CDATA[Bucket Traversal in Google Cloud Storage Transfer Manager]]> https://www.cloudvulndb.org/gcs-bucket-traversal https://www.cloudvulndb.org/gcs-bucket-traversal Tue, 13 Jun 2023 00:00:00 GMT <![CDATA[Azure App Services takeover via legacy API]]> https://www.cloudvulndb.org/azure-mgmt-api-rce https://www.cloudvulndb.org/azure-mgmt-api-rce Mon, 12 Jun 2023 00:00:00 GMT <![CDATA[AWS Directory Service not checking PassRole on EnableRoleAccess]]> https://www.cloudvulndb.org/aws-directory-service-passrole https://www.cloudvulndb.org/aws-directory-service-passrole Wed, 07 Jun 2023 00:00:00 GMT <![CDATA[Privilege escalation in GCP Cloud SQL]]> https://www.cloudvulndb.org/gcp-2023-007 https://www.cloudvulndb.org/gcp-2023-007 Fri, 02 Jun 2023 00:00:00 GMT <![CDATA[Cloud SQL for SQL Server privilege escalation]]> https://www.cloudvulndb.org/cloudsql-privesc https://www.cloudvulndb.org/cloudsql-privesc Wed, 24 May 2023 00:00:00 GMT <![CDATA[GuardDuty bypass via S3 permission modification]]> https://www.cloudvulndb.org/guardduty-s3-bypass https://www.cloudvulndb.org/guardduty-s3-bypass Thu, 18 May 2023 00:00:00 GMT <![CDATA[API Management SSRF and path traversal vulnerabilities]]> https://www.cloudvulndb.org/api-mgmt-ssrf-path-traversal https://www.cloudvulndb.org/api-mgmt-ssrf-path-traversal Thu, 04 May 2023 00:00:00 GMT <![CDATA[MFA enforcement IAM policy bypass]]> https://www.cloudvulndb.org/iam-multiple-mfa https://www.cloudvulndb.org/iam-multiple-mfa Tue, 25 Apr 2023 00:00:00 GMT <![CDATA[GhostToken]]> https://www.cloudvulndb.org/ghosttoken https://www.cloudvulndb.org/ghosttoken Fri, 21 Apr 2023 00:00:00 GMT <![CDATA[Asset Key Thief]]> https://www.cloudvulndb.org/asset-key-thief https://www.cloudvulndb.org/asset-key-thief Wed, 19 Apr 2023 00:00:00 GMT <![CDATA[BrokenSesame]]> https://www.cloudvulndb.org/brokensesame https://www.cloudvulndb.org/brokensesame Wed, 19 Apr 2023 00:00:00 GMT <![CDATA[App Runner cross-tenant observability config info leak]]> https://www.cloudvulndb.org/app-runner-observability https://www.cloudvulndb.org/app-runner-observability Mon, 03 Apr 2023 00:00:00 GMT <![CDATA[App Runner cross-tenant VPC connectors info leak]]> https://www.cloudvulndb.org/app-runner-vpc-connectors https://www.cloudvulndb.org/app-runner-vpc-connectors Mon, 03 Apr 2023 00:00:00 GMT <![CDATA[RCE vulnerability in Azure Pipelines]]> https://www.cloudvulndb.org/azure-pipeline-rce https://www.cloudvulndb.org/azure-pipeline-rce Thu, 30 Mar 2023 00:00:00 GMT <![CDATA[Azure on-premises data gateway cross-tenant access]]> https://www.cloudvulndb.org/data_gateway_rce https://www.cloudvulndb.org/data_gateway_rce Thu, 30 Mar 2023 00:00:00 GMT <![CDATA[Azure Function Apps privilege escalation]]> https://www.cloudvulndb.org/azure-functions-eop https://www.cloudvulndb.org/azure-functions-eop Thu, 23 Mar 2023 00:00:00 GMT <![CDATA[Partial CloudTrail logging in AWS Control Tower]]> https://www.cloudvulndb.org/aws-control-tower-lack-of-cloudtrail-logging https://www.cloudvulndb.org/aws-control-tower-lack-of-cloudtrail-logging Mon, 20 Mar 2023 00:00:00 GMT <![CDATA[CloudTrail bypass for AWS Service Catalog]]> https://www.cloudvulndb.org/aws-service-catalog-cloudtrail-bypass https://www.cloudvulndb.org/aws-service-catalog-cloudtrail-bypass Sun, 19 Mar 2023 00:00:00 GMT <![CDATA[Super FabriXss]]> https://www.cloudvulndb.org/cve-2023-23383 https://www.cloudvulndb.org/cve-2023-23383 Tue, 14 Mar 2023 00:00:00 GMT <![CDATA[Imposter commits vulnerability in GitHub Actions]]> https://www.cloudvulndb.org/imposter-commits-vulnerability-github-actions https://www.cloudvulndb.org/imposter-commits-vulnerability-github-actions Wed, 08 Mar 2023 00:00:00 GMT <![CDATA[Unauthorized access to Codespace secrets in GitHub]]> https://www.cloudvulndb.org/unauthorized-access-codespace-secrets-github https://www.cloudvulndb.org/unauthorized-access-codespace-secrets-github Mon, 06 Mar 2023 00:00:00 GMT <![CDATA[AWS CodeBuild Token Leakage]]> https://www.cloudvulndb.org/aws-codebuild-access-token-leak https://www.cloudvulndb.org/aws-codebuild-access-token-leak Sat, 25 Feb 2023 00:00:00 GMT <![CDATA[Overprivileged CodeBuild default ECR IAM policy]]> https://www.cloudvulndb.org/aws-codebuild-ecr-iam-vuln https://www.cloudvulndb.org/aws-codebuild-ecr-iam-vuln Sat, 25 Feb 2023 00:00:00 GMT <![CDATA[Azure AD B2C cryptographic flaw allowing account compromise]]> https://www.cloudvulndb.org/azure-b2c-crypto-flaw https://www.cloudvulndb.org/azure-b2c-crypto-flaw Wed, 15 Feb 2023 00:00:00 GMT <![CDATA[AWS EC2 Autoscaling Privilege Escalation Vulnerability]]> https://www.cloudvulndb.org/aws-ec2-autoscaling-privilege-escalation-vulnerability https://www.cloudvulndb.org/aws-ec2-autoscaling-privilege-escalation-vulnerability Tue, 14 Feb 2023 00:00:00 GMT <![CDATA[Azure App Service on Azure Stack Hub privilege escalation]]> https://www.cloudvulndb.org/cve-2023-21777 https://www.cloudvulndb.org/cve-2023-21777 Tue, 14 Feb 2023 00:00:00 GMT <![CDATA[AWS Console rate limit bypass]]> https://www.cloudvulndb.org/aws-console-rate-limit-bypass https://www.cloudvulndb.org/aws-console-rate-limit-bypass Mon, 06 Feb 2023 00:00:00 GMT <![CDATA[EmojiDeploy]]> https://www.cloudvulndb.org/emojideploy https://www.cloudvulndb.org/emojideploy Thu, 19 Jan 2023 00:00:00 GMT <![CDATA[Azure AD Flaw Allowed SAML Token Persistence]]> https://www.cloudvulndb.org/azure-ad-saml-persistence-flaw https://www.cloudvulndb.org/azure-ad-saml-persistence-flaw Wed, 18 Jan 2023 00:00:00 GMT <![CDATA[AWS CloudTrail bypass for specific IAM actions]]> https://www.cloudvulndb.org/aws-iamadmin-cloudtrail-bypass https://www.cloudvulndb.org/aws-iamadmin-cloudtrail-bypass Tue, 17 Jan 2023 00:00:00 GMT <![CDATA[Multiple SSRF vulnerablities in Azure services]]> https://www.cloudvulndb.org/azure-multiple-ssrf https://www.cloudvulndb.org/azure-multiple-ssrf Tue, 17 Jan 2023 00:00:00 GMT <![CDATA[XSS in Google Cloud Theia notebooks]]> https://www.cloudvulndb.org/gcp-vertex-theia-xss https://www.cloudvulndb.org/gcp-vertex-theia-xss Sun, 15 Jan 2023 00:00:00 GMT <![CDATA[Bypassing authorization in Google Cloud Workstations]]> https://www.cloudvulndb.org/gcp-cloudworkstations-auth-bypass https://www.cloudvulndb.org/gcp-cloudworkstations-auth-bypass Fri, 13 Jan 2023 00:00:00 GMT <![CDATA[Client-Side SSRF to Google Cloud Project Takeover]]> https://www.cloudvulndb.org/client-side-ssrf-google-cloud-project-takeover https://www.cloudvulndb.org/client-side-ssrf-google-cloud-project-takeover Thu, 12 Jan 2023 00:00:00 GMT <![CDATA[SSH key injection in Google Cloud Compute Engine]]> https://www.cloudvulndb.org/gce_ssh_key_injection https://www.cloudvulndb.org/gce_ssh_key_injection Thu, 12 Jan 2023 00:00:00 GMT <![CDATA[IAP CORS Misconfiguration Allows Email Disclosure]]> https://www.cloudvulndb.org/google-cloud-iap-cors-misconfiguration-email-disclosure https://www.cloudvulndb.org/google-cloud-iap-cors-misconfiguration-email-disclosure Fri, 06 Jan 2023 00:00:00 GMT <![CDATA[ACSESSED]]> https://www.cloudvulndb.org/acsessed https://www.cloudvulndb.org/acsessed Thu, 22 Dec 2022 00:00:00 GMT <![CDATA[Azure Serverless Functions escape to host]]> https://www.cloudvulndb.org/azure-func-escape https://www.cloudvulndb.org/azure-func-escape Thu, 15 Dec 2022 00:00:00 GMT <![CDATA[ECR Public vulnerability in undocumented API]]> https://www.cloudvulndb.org/public-ecr-undocumented-api https://www.cloudvulndb.org/public-ecr-undocumented-api Tue, 13 Dec 2022 00:00:00 GMT <![CDATA[Hell's Keychain]]> https://www.cloudvulndb.org/hellskeychain https://www.cloudvulndb.org/hellskeychain Thu, 01 Dec 2022 00:00:00 GMT <![CDATA[AWS AppSync confused deputy via ServiceRoleArn]]> https://www.cloudvulndb.org/aws-appsync-confused-deputy https://www.cloudvulndb.org/aws-appsync-confused-deputy Mon, 21 Nov 2022 00:00:00 GMT <![CDATA[Azure Devops account takeover via dangling subdomain takeover]]> https://www.cloudvulndb.org/azure-devops-dangling-domain https://www.cloudvulndb.org/azure-devops-dangling-domain Mon, 07 Nov 2022 00:00:00 GMT <![CDATA[CosMiss]]> https://www.cloudvulndb.org/cosmiss https://www.cloudvulndb.org/cosmiss Tue, 01 Nov 2022 00:00:00 GMT <![CDATA[Azure CLI code injection vulnerability]]> https://www.cloudvulndb.org/cve-2022-39327 https://www.cloudvulndb.org/cve-2022-39327 Tue, 25 Oct 2022 00:00:00 GMT <![CDATA[Docker Command Escaping in GitHub Actions Runner]]> https://www.cloudvulndb.org/docker-command-escaping-github-actions-runner https://www.cloudvulndb.org/docker-command-escaping-github-actions-runner Mon, 24 Oct 2022 00:00:00 GMT <![CDATA[BlueBleed]]> https://www.cloudvulndb.org/bluebleed https://www.cloudvulndb.org/bluebleed Wed, 19 Oct 2022 00:00:00 GMT <![CDATA[FabriXss]]> https://www.cloudvulndb.org/cve-2022-35829 https://www.cloudvulndb.org/cve-2022-35829 Tue, 11 Oct 2022 00:00:00 GMT <![CDATA[Azure Arc-enabled Kubernetes privilege escalation]]> https://www.cloudvulndb.org/cve-2022-37968 https://www.cloudvulndb.org/cve-2022-37968 Tue, 11 Oct 2022 00:00:00 GMT <![CDATA[AttachMe]]> https://www.cloudvulndb.org/attachme https://www.cloudvulndb.org/attachme Tue, 20 Sep 2022 00:00:00 GMT <![CDATA[Azure Cloud Shell access token theft]]> https://www.cloudvulndb.org/azure-cloudshell-injection https://www.cloudvulndb.org/azure-cloudshell-injection Tue, 20 Sep 2022 00:00:00 GMT <![CDATA[Synapse Spark LPE]]> https://www.cloudvulndb.org/synapse-spark-lpe https://www.cloudvulndb.org/synapse-spark-lpe Thu, 01 Sep 2022 00:00:00 GMT <![CDATA[SNS SigningCertUrl improper validation]]> https://www.cloudvulndb.org/sns-signingcerturl-improper-validation https://www.cloudvulndb.org/sns-signingcerturl-improper-validation Fri, 19 Aug 2022 00:00:00 GMT <![CDATA[Remote Code Execution via GitHub Import]]> https://www.cloudvulndb.org/remote-code-execution-via-github-import https://www.cloudvulndb.org/remote-code-execution-via-github-import Wed, 17 Aug 2022 00:00:00 GMT <![CDATA[Actions Core Delimiter Injection Vulnerability]]> https://www.cloudvulndb.org/actions-core-delimiter-injection-vulnerability https://www.cloudvulndb.org/actions-core-delimiter-injection-vulnerability Fri, 12 Aug 2022 00:00:00 GMT <![CDATA[Cloud SQL escape to host]]> https://www.cloudvulndb.org/cloudsql-escape https://www.cloudvulndb.org/cloudsql-escape Thu, 11 Aug 2022 00:00:00 GMT <![CDATA[Google Cloud Shell command injection]]> https://www.cloudvulndb.org/gcp-cloudshell-command-injection https://www.cloudvulndb.org/gcp-cloudshell-command-injection Wed, 10 Aug 2022 00:00:00 GMT <![CDATA[S3 Replication only logs first destination bucket]]> https://www.cloudvulndb.org/s3-replicator-cloudtrail https://www.cloudvulndb.org/s3-replicator-cloudtrail Wed, 20 Jul 2022 00:00:00 GMT <![CDATA[Persistence Vulnerability in GCP Cloud Workstations]]> https://www.cloudvulndb.org/gcp-cloud-workstations-persistence-flaw https://www.cloudvulndb.org/gcp-cloud-workstations-persistence-flaw Sat, 16 Jul 2022 00:00:00 GMT <![CDATA[Dependency confusion in AWS CodeArtifact]]> https://www.cloudvulndb.org/dependency-confusion-in-aws-codeartifact https://www.cloudvulndb.org/dependency-confusion-in-aws-codeartifact Thu, 14 Jul 2022 00:00:00 GMT <![CDATA[Microsoft Azure Site Recovery DLL hijacking]]> https://www.cloudvulndb.org/cve-2022-33675 https://www.cloudvulndb.org/cve-2022-33675 Tue, 12 Jul 2022 00:00:00 GMT <![CDATA[AWS IAM Authenticator for Kubernetes AccessKeyID Validation Bypass]]> https://www.cloudvulndb.org/CVE-2022-2385 https://www.cloudvulndb.org/CVE-2022-2385 Mon, 11 Jul 2022 00:00:00 GMT <![CDATA[FabricScape (CVE-2022-30137) - Azure Service Fabric privilege escalation]]> https://www.cloudvulndb.org/CVE-2022-30137 https://www.cloudvulndb.org/CVE-2022-30137 Tue, 28 Jun 2022 00:00:00 GMT <![CDATA[Azure Open Management Infrastructure (OMI) Elevation of Privilege]]> https://www.cloudvulndb.org/cve-2022-29149 https://www.cloudvulndb.org/cve-2022-29149 Tue, 14 Jun 2022 00:00:00 GMT <![CDATA[Privilege escalation and file poisoning in Synapse Analytics]]> https://www.cloudvulndb.org/synapse-pwnalytics https://www.cloudvulndb.org/synapse-pwnalytics Mon, 13 Jun 2022 00:00:00 GMT <![CDATA[GKE Authorized Networks bypass via Cloud Functions or Cloud Run]]> https://www.cloudvulndb.org/cloud-func-gke-bypass https://www.cloudvulndb.org/cloud-func-gke-bypass Tue, 07 Jun 2022 00:00:00 GMT <![CDATA[MWAA logs leak tokens and hostnames]]> https://www.cloudvulndb.org/mwaa-leaky-logs https://www.cloudvulndb.org/mwaa-leaky-logs Tue, 31 May 2022 00:00:00 GMT <![CDATA[ELB Cache mechanism HTTP header smuggling]]> https://www.cloudvulndb.org/elb-cache-http-smuggling https://www.cloudvulndb.org/elb-cache-http-smuggling Tue, 17 May 2022 00:00:00 GMT <![CDATA[Synlapse]]> https://www.cloudvulndb.org/synlapse https://www.cloudvulndb.org/synlapse Mon, 09 May 2022 00:00:00 GMT <![CDATA[AWS package backfill attack]]> https://www.cloudvulndb.org/aws-package-backfill https://www.cloudvulndb.org/aws-package-backfill Sun, 01 May 2022 00:00:00 GMT <![CDATA[ExtraReplica]]> https://www.cloudvulndb.org/extrareplica https://www.cloudvulndb.org/extrareplica Thu, 28 Apr 2022 00:00:00 GMT <![CDATA[AWS SSM agent local privilege escalation]]> https://www.cloudvulndb.org/cve-2022-29527 https://www.cloudvulndb.org/cve-2022-29527 Wed, 20 Apr 2022 00:00:00 GMT <![CDATA[Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation]]> https://www.cloudvulndb.org/log4shell-hotpatch https://www.cloudvulndb.org/log4shell-hotpatch Tue, 19 Apr 2022 00:00:00 GMT <![CDATA[Privilege Escalation to SYSTEM in AWS VPN Client]]> https://www.cloudvulndb.org/cve-2022-25165 https://www.cloudvulndb.org/cve-2022-25165 Tue, 12 Apr 2022 00:00:00 GMT <![CDATA[AWS RDS local file read]]> https://www.cloudvulndb.org/aws-rds-local-file-read https://www.cloudvulndb.org/aws-rds-local-file-read Mon, 11 Apr 2022 00:00:00 GMT <![CDATA[Azure AD information disclosure via undocumented APIs]]> https://www.cloudvulndb.org/azure-info-disclosure https://www.cloudvulndb.org/azure-info-disclosure Tue, 05 Apr 2022 00:00:00 GMT <![CDATA[GKE Sandbox side channel attack]]> https://www.cloudvulndb.org/gcp-2022-011 https://www.cloudvulndb.org/gcp-2022-011 Tue, 22 Mar 2022 00:00:00 GMT <![CDATA[AWS RDS does not enforce SSL/TLS encryption]]> https://www.cloudvulndb.org/aws-rds-no-ssl-tls https://www.cloudvulndb.org/aws-rds-no-ssl-tls Thu, 10 Mar 2022 00:00:00 GMT <![CDATA[Logic Apps privilege escalation to root]]> https://www.cloudvulndb.org/azure-logic-app-contributor-escalation-to-root-owner https://www.cloudvulndb.org/azure-logic-app-contributor-escalation-to-root-owner Wed, 09 Mar 2022 00:00:00 GMT <![CDATA[Autopilot node compromise via allowlisted workload masquerade]]> https://www.cloudvulndb.org/gke-autopilot-allowlist https://www.cloudvulndb.org/gke-autopilot-allowlist Tue, 08 Mar 2022 00:00:00 GMT <![CDATA[AutoWarp]]> https://www.cloudvulndb.org/autowarp https://www.cloudvulndb.org/autowarp Mon, 07 Mar 2022 00:00:00 GMT <![CDATA[Google Cloud Armor packet size bypass]]> https://www.cloudvulndb.org/gcp-8kb-bypass https://www.cloudvulndb.org/gcp-8kb-bypass Thu, 24 Feb 2022 00:00:00 GMT <![CDATA[Cognito User Group spoofing]]> https://www.cloudvulndb.org/cognito-user-group-spoofing https://www.cloudvulndb.org/cognito-user-group-spoofing Tue, 15 Feb 2022 00:00:00 GMT <![CDATA[Oracle Apiary SSRF]]> https://www.cloudvulndb.org/apiary-ssrf https://www.cloudvulndb.org/apiary-ssrf Tue, 08 Feb 2022 00:00:00 GMT <![CDATA[Codebuild data exfiltration]]> https://www.cloudvulndb.org/codebuild-data-exfil https://www.cloudvulndb.org/codebuild-data-exfil Thu, 03 Feb 2022 00:00:00 GMT <![CDATA[BreakingFormation]]> https://www.cloudvulndb.org/breakingformation https://www.cloudvulndb.org/breakingformation Thu, 13 Jan 2022 00:00:00 GMT <![CDATA[SuperGlue]]> https://www.cloudvulndb.org/superglue https://www.cloudvulndb.org/superglue Thu, 13 Jan 2022 00:00:00 GMT <![CDATA[AWS AI services ToS allow sharing of customer data]]> https://www.cloudvulndb.org/terms-conditions-customer-data https://www.cloudvulndb.org/terms-conditions-customer-data Thu, 06 Jan 2022 00:00:00 GMT <![CDATA[Bypassing Identity-Aware Proxy in Google Cloud]]> https://www.cloudvulndb.org/iap-bypass-google-cloud https://www.cloudvulndb.org/iap-bypass-google-cloud Thu, 30 Dec 2021 00:00:00 GMT <![CDATA[Dataflow RCE via unauthenticated JMX service]]> https://www.cloudvulndb.org/dataflow-rce-jmx https://www.cloudvulndb.org/dataflow-rce-jmx Tue, 28 Dec 2021 00:00:00 GMT <![CDATA[Google Cloud Shell command injection]]> https://www.cloudvulndb.org/gcp-cloudshell-open-in-command-injection https://www.cloudvulndb.org/gcp-cloudshell-open-in-command-injection Tue, 28 Dec 2021 00:00:00 GMT <![CDATA[Overprivileged AWS support IAM role policy]]> https://www.cloudvulndb.org/overprivileged-aws-support-iam https://www.cloudvulndb.org/overprivileged-aws-support-iam Wed, 22 Dec 2021 00:00:00 GMT <![CDATA[LPE vulnerability in Eltima (3rd-party cloud desktop driver)]]> https://www.cloudvulndb.org/eltima-cloud-desktop-lpe https://www.cloudvulndb.org/eltima-cloud-desktop-lpe Tue, 07 Dec 2021 00:00:00 GMT <![CDATA[AWS SageMaker Jupyter Notebook instance CSRF]]> https://www.cloudvulndb.org/sagemaker-jupyter-csrf https://www.cloudvulndb.org/sagemaker-jupyter-csrf Thu, 02 Dec 2021 00:00:00 GMT <![CDATA[CredManifest (Azure AD keyCredential property information disclosure)]]> https://www.cloudvulndb.org/cve-2021-42306 https://www.cloudvulndb.org/cve-2021-42306 Wed, 17 Nov 2021 00:00:00 GMT <![CDATA[AWS SOC 2 type 2 failure (Fall 2021)]]> https://www.cloudvulndb.org/aws-fall-2021-soc2 https://www.cloudvulndb.org/aws-fall-2021-soc2 Mon, 15 Nov 2021 00:00:00 GMT <![CDATA[AWS API Gateway HTTP header smuggling]]> https://www.cloudvulndb.org/aws-api-gw-smuggling https://www.cloudvulndb.org/aws-api-gw-smuggling Wed, 10 Nov 2021 00:00:00 GMT <![CDATA[Cloud SQL vulnerabilities in Google's RDS offering]]> https://www.cloudvulndb.org/cloud-sql-vulns-google-rds https://www.cloudvulndb.org/cloud-sql-vulns-google-rds Mon, 18 Oct 2021 00:00:00 GMT <![CDATA[Azure NotLegit]]> https://www.cloudvulndb.org/notlegit https://www.cloudvulndb.org/notlegit Thu, 07 Oct 2021 00:00:00 GMT <![CDATA[Azure AD Seamless SSO logging bypass]]> https://www.cloudvulndb.org/aad-seamless-sso-log-bypass https://www.cloudvulndb.org/aad-seamless-sso-log-bypass Wed, 29 Sep 2021 00:00:00 GMT <![CDATA[Dropped active Google Cloud Armor security policy]]> https://www.cloudvulndb.org/gcp-2021-019 https://www.cloudvulndb.org/gcp-2021-019 Wed, 29 Sep 2021 00:00:00 GMT <![CDATA[Predictible seed in Anthos Identity Service LDAP module]]> https://www.cloudvulndb.org/gcp-2021-022 https://www.cloudvulndb.org/gcp-2021-022 Wed, 22 Sep 2021 00:00:00 GMT <![CDATA[Exfiltrate data via the logs of GCP Org policy]]> https://www.cloudvulndb.org/gcp-org-policy-exfiltrate-data https://www.cloudvulndb.org/gcp-org-policy-exfiltrate-data Wed, 22 Sep 2021 00:00:00 GMT <![CDATA[AWS Workspace client RCE]]> https://www.cloudvulndb.org/cve-2021-38112 https://www.cloudvulndb.org/cve-2021-38112 Tue, 21 Sep 2021 00:00:00 GMT <![CDATA[GCP IAP bypass]]> https://www.cloudvulndb.org/gcp-iap-bypass https://www.cloudvulndb.org/gcp-iap-bypass Fri, 17 Sep 2021 00:00:00 GMT <![CDATA[Azure privilege escalation via Log Analytics role]]> https://www.cloudvulndb.org/log-analytics-role-privesc https://www.cloudvulndb.org/log-analytics-role-privesc Mon, 13 Sep 2021 00:00:00 GMT <![CDATA[Org policies bypass]]> https://www.cloudvulndb.org/gcp-org-policies-bypass https://www.cloudvulndb.org/gcp-org-policies-bypass Fri, 10 Sep 2021 00:00:00 GMT <![CDATA[Azurescape]]> https://www.cloudvulndb.org/azurescape https://www.cloudvulndb.org/azurescape Thu, 09 Sep 2021 00:00:00 GMT <![CDATA[ChaosDB]]> https://www.cloudvulndb.org/chaosdb https://www.cloudvulndb.org/chaosdb Thu, 26 Aug 2021 00:00:00 GMT <![CDATA[Lightsail object storage access keys logged]]> https://www.cloudvulndb.org/lightsail-keys-logged https://www.cloudvulndb.org/lightsail-keys-logged Thu, 05 Aug 2021 00:00:00 GMT <![CDATA[DHCP abuse for code exec]]> https://www.cloudvulndb.org/dhcp-abuse-code-exec https://www.cloudvulndb.org/dhcp-abuse-code-exec Fri, 25 Jun 2021 00:00:00 GMT <![CDATA[Privilege escalation on Dialogflow cloud platform]]> https://www.cloudvulndb.org/dialogflow-privilege-escalation https://www.cloudvulndb.org/dialogflow-privilege-escalation Sun, 13 Jun 2021 00:00:00 GMT <![CDATA[Elastic Beanstalk - XSS in Web Console]]> https://www.cloudvulndb.org/aws-xss-console https://www.cloudvulndb.org/aws-xss-console Thu, 03 Jun 2021 00:00:00 GMT <![CDATA[OMIGOD]]> https://www.cloudvulndb.org/omigod https://www.cloudvulndb.org/omigod Tue, 01 Jun 2021 00:00:00 GMT <![CDATA[Password Reset Code Brute-Force Vulnerability in AWS Cognito]]> https://www.cloudvulndb.org/aws-cognito-reset-vulnerability https://www.cloudvulndb.org/aws-cognito-reset-vulnerability Fri, 30 Apr 2021 00:00:00 GMT <![CDATA[Privilege escalation in GCP OS Login]]> https://www.cloudvulndb.org/gcp-os-login-pe https://www.cloudvulndb.org/gcp-os-login-pe Wed, 17 Mar 2021 00:00:00 GMT <![CDATA[AWS CloudShell terminal escape]]> https://www.cloudvulndb.org/aws-cloudshell-terminal-escape https://www.cloudvulndb.org/aws-cloudshell-terminal-escape Wed, 10 Mar 2021 00:00:00 GMT <![CDATA[Azure Linux VM extension credential leak]]> https://www.cloudvulndb.org/cve-2021-27075 https://www.cloudvulndb.org/cve-2021-27075 Tue, 09 Mar 2021 00:00:00 GMT <![CDATA[Azure Cloud Shell and Container Instances breakout]]> https://www.cloudvulndb.org/azure-cloud-shell-and-container-instance-lpe https://www.cloudvulndb.org/azure-cloud-shell-and-container-instance-lpe Mon, 15 Feb 2021 00:00:00 GMT <![CDATA[GKE gVisor sandbox escape]]> https://www.cloudvulndb.org/gke-gvisor-sandbox-escape https://www.cloudvulndb.org/gke-gvisor-sandbox-escape Wed, 30 Dec 2020 00:00:00 GMT <![CDATA[AWS SOC 2 type 2 failure (Fall 2020)]]> https://www.cloudvulndb.org/aws-fall-2020-soc2 https://www.cloudvulndb.org/aws-fall-2020-soc2 Sun, 20 Dec 2020 00:00:00 GMT <![CDATA[GCP Default compute account is project Editor]]> https://www.cloudvulndb.org/gcp-default-compute-account https://www.cloudvulndb.org/gcp-default-compute-account Sun, 22 Nov 2020 00:00:00 GMT <![CDATA[IAM privilege escalation in multiple GCP services]]> https://www.cloudvulndb.org/gcp-iam-pe-multiple-services https://www.cloudvulndb.org/gcp-iam-pe-multiple-services Sun, 22 Nov 2020 00:00:00 GMT <![CDATA[SSRF in Google Cloud Monitoring]]> https://www.cloudvulndb.org/ssrf-in-google-cloud-monitoring https://www.cloudvulndb.org/ssrf-in-google-cloud-monitoring Thu, 12 Nov 2020 00:00:00 GMT <![CDATA[Route table modification to imitate metadata service]]> https://www.cloudvulndb.org/aws-route-table-modify https://www.cloudvulndb.org/aws-route-table-modify Mon, 19 Oct 2020 00:00:00 GMT <![CDATA[AI Hub Jupyter Notebook instance CSRF]]> https://www.cloudvulndb.org/ai-hub-jupyter-csrf https://www.cloudvulndb.org/ai-hub-jupyter-csrf Sat, 17 Oct 2020 00:00:00 GMT <![CDATA[Enumeration of Privileges Without Being Logged to CloudTrail]]> https://www.cloudvulndb.org/privilege-identification-cloudtrail https://www.cloudvulndb.org/privilege-identification-cloudtrail Sat, 17 Oct 2020 00:00:00 GMT <![CDATA[Lack of internal change controls for IAM managed policies]]> https://www.cloudvulndb.org/iam-managed-policies-lack-controls https://www.cloudvulndb.org/iam-managed-policies-lack-controls Thu, 15 Oct 2020 00:00:00 GMT <![CDATA[Multiple issues in AWS IAM Authenticator for Kubernetes]]> https://www.cloudvulndb.org/aws-auth-multiple-issues https://www.cloudvulndb.org/aws-auth-multiple-issues Tue, 06 Oct 2020 00:00:00 GMT <![CDATA[Google Cloud Shell XSS to RCE Vulnerability]]> https://www.cloudvulndb.org/google-cloud-shell-xss-rce https://www.cloudvulndb.org/google-cloud-shell-xss-rce Thu, 01 Oct 2020 00:00:00 GMT <![CDATA[Encryption SDK vulnerabilities]]> https://www.cloudvulndb.org/encryption-sdk-issues https://www.cloudvulndb.org/encryption-sdk-issues Mon, 28 Sep 2020 00:00:00 GMT <![CDATA[S3 bucket tagging not restricted]]> https://www.cloudvulndb.org/s3-bucket-tagging-not-restricted https://www.cloudvulndb.org/s3-bucket-tagging-not-restricted Mon, 28 Sep 2020 00:00:00 GMT <![CDATA[CloudFormer review]]> https://www.cloudvulndb.org/cloudformer-review https://www.cloudvulndb.org/cloudformer-review Fri, 25 Sep 2020 00:00:00 GMT <![CDATA[CloudFormation resource provider credentials leak]]> https://www.cloudvulndb.org/cloudformation_cred_leak https://www.cloudvulndb.org/cloudformation_cred_leak Tue, 22 Sep 2020 00:00:00 GMT <![CDATA[Timing attack with Lambda and CloudWatch Synthetics]]> https://www.cloudvulndb.org/lambda-cloudwatch-timing-attack https://www.cloudvulndb.org/lambda-cloudwatch-timing-attack Tue, 15 Sep 2020 00:00:00 GMT <![CDATA[CloudFormation denial of service (in a single account)]]> https://www.cloudvulndb.org/cloudformation-dos https://www.cloudvulndb.org/cloudformation-dos Tue, 01 Sep 2020 00:00:00 GMT <![CDATA[GCP service accounts and projects information leak]]> https://www.cloudvulndb.org/gcp-service-accounts-leak https://www.cloudvulndb.org/gcp-service-accounts-leak Wed, 26 Aug 2020 00:00:00 GMT <![CDATA[Dropping a Shell in Google Cloud SQL]]> https://www.cloudvulndb.org/cloud-sql-shell-drop https://www.cloudvulndb.org/cloud-sql-shell-drop Tue, 18 Aug 2020 00:00:00 GMT <![CDATA[Google Cloud Shell Bugs Expose User Credentials]]> https://www.cloudvulndb.org/google-cloud-shell-bugs https://www.cloudvulndb.org/google-cloud-shell-bugs Tue, 18 Aug 2020 00:00:00 GMT <![CDATA[S3 Crypto SDK vulnerabilities]]> https://www.cloudvulndb.org/s3-crypto-sdk https://www.cloudvulndb.org/s3-crypto-sdk Mon, 10 Aug 2020 00:00:00 GMT <![CDATA[CloudTrail S3 data events leak bucket Account ID]]> https://www.cloudvulndb.org/aws-s3-recon-account-id-of-bucket https://www.cloudvulndb.org/aws-s3-recon-account-id-of-bucket Mon, 27 Jul 2020 00:00:00 GMT <![CDATA[XSS on EC2 web console]]> https://www.cloudvulndb.org/ec2-console-xss https://www.cloudvulndb.org/ec2-console-xss Wed, 01 Jul 2020 00:00:00 GMT <![CDATA[GKE and EKS CAP_NET_RAW metadata service MITM root privilege escalation]]> https://www.cloudvulndb.org/cap-net-raw-metadata-mitm https://www.cloudvulndb.org/cap-net-raw-metadata-mitm Mon, 15 Jun 2020 00:00:00 GMT <![CDATA[RCE in Google Cloud Deployment Manager]]> https://www.cloudvulndb.org/rce-in-cloud-dm https://www.cloudvulndb.org/rce-in-cloud-dm Thu, 21 May 2020 00:00:00 GMT <![CDATA[GuardDuty detection bypass via cloudtrail]]> https://www.cloudvulndb.org/guardduty-cloudtrail-bypass https://www.cloudvulndb.org/guardduty-cloudtrail-bypass Thu, 23 Apr 2020 00:00:00 GMT <![CDATA[GCP Cloudshell Cross-Site WebSocket Hijacking (CSWSH)]]> https://www.cloudvulndb.org/gcp-cloudshell-cswsh https://www.cloudvulndb.org/gcp-cloudshell-cswsh Wed, 11 Mar 2020 00:00:00 GMT <![CDATA[Google wide domain check bypass]]> https://www.cloudvulndb.org/google-domain-check-bypass https://www.cloudvulndb.org/google-domain-check-bypass Sun, 08 Mar 2020 00:00:00 GMT <![CDATA[Azure App Service RCE]]> https://www.cloudvulndb.org/CVE-2019-1372 https://www.cloudvulndb.org/CVE-2019-1372 Thu, 30 Jan 2020 00:00:00 GMT <![CDATA[AWS uploaded sensitive data to public GitHub bucket]]> https://www.cloudvulndb.org/aws-data-post https://www.cloudvulndb.org/aws-data-post Thu, 23 Jan 2020 00:00:00 GMT <![CDATA[GCP Speech to Text Information Disclosure]]> https://www.cloudvulndb.org/gcp-speech-to-text-info-disclosure https://www.cloudvulndb.org/gcp-speech-to-text-info-disclosure Sun, 12 Jan 2020 00:00:00 GMT <![CDATA[GCP Stackdriver Debugger SSRF]]> https://www.cloudvulndb.org/gcp-stackdriver-ssrf https://www.cloudvulndb.org/gcp-stackdriver-ssrf Thu, 19 Dec 2019 00:00:00 GMT <![CDATA[GCP Cloudshell Vulnerabilities]]> https://www.cloudvulndb.org/gcp-cloudshell-bugs https://www.cloudvulndb.org/gcp-cloudshell-bugs Mon, 16 Dec 2019 00:00:00 GMT <![CDATA[GCP Cloudshell XSS and CSRF bugs]]> https://www.cloudvulndb.org/gcp-cloudshell-xss-csrf https://www.cloudvulndb.org/gcp-cloudshell-xss-csrf Sun, 15 Dec 2019 00:00:00 GMT <![CDATA[Google Cloud Platform VRP Prize Writeup]]> https://www.cloudvulndb.org/google-cloud-platform-vrp-prize https://www.cloudvulndb.org/google-cloud-platform-vrp-prize Fri, 29 Nov 2019 00:00:00 GMT <![CDATA[ALB HTTP request smuggling]]> https://www.cloudvulndb.org/alb-http-smuggling https://www.cloudvulndb.org/alb-http-smuggling Fri, 04 Oct 2019 00:00:00 GMT <![CDATA[Google App Engine RCE Worth $36k]]> https://www.cloudvulndb.org/google-app-engine-rce https://www.cloudvulndb.org/google-app-engine-rce Sat, 31 Aug 2019 00:00:00 GMT <![CDATA[Lake Formation data lake admin override]]> https://www.cloudvulndb.org/lake_admin_override https://www.cloudvulndb.org/lake_admin_override Thu, 15 Aug 2019 00:00:00 GMT <![CDATA[AWS IAM role credential exfiltration via EC2 Instance Metadata Service (IMDSv1)]]> https://www.cloudvulndb.org/aws-imdsv1-credential-exfiltration https://www.cloudvulndb.org/aws-imdsv1-credential-exfiltration Sun, 04 Aug 2019 00:00:00 GMT <![CDATA[IAM privilege escalation via undocumented CodeStar API]]> https://www.cloudvulndb.org/aws-codestar-privilege-escalation https://www.cloudvulndb.org/aws-codestar-privilege-escalation Tue, 18 Jun 2019 00:00:00 GMT <![CDATA[VPC Hosted Zones unauditable]]> https://www.cloudvulndb.org/vpc-hosted-zones-unauditable https://www.cloudvulndb.org/vpc-hosted-zones-unauditable Fri, 24 May 2019 00:00:00 GMT <![CDATA[Impersonate GCP Organization Through the Organizations Update Method]]> https://www.cloudvulndb.org/gcp-organization-impersontaion-through-update https://www.cloudvulndb.org/gcp-organization-impersontaion-through-update Sun, 20 Jan 2019 00:00:00 GMT .com" - Share it with "domain:.com" (Effectively sharing it with every Google user with a @.com account) - Profit from unsuspecting users creating resources in my organization, specially billing accounts or building projects that manage sensible information. ]]> .com" - Share it with "domain:.com" (Effectively sharing it with every Google user with a @.com account) - Profit from unsuspecting users creating resources in my organization, specially billing accounts or building projects that manage sensible information. ]]> <![CDATA[Azure Cloud Shell terminal escape]]> https://www.cloudvulndb.org/azure-cloudshell-terminal-escape https://www.cloudvulndb.org/azure-cloudshell-terminal-escape Wed, 09 Jan 2019 00:00:00 GMT <![CDATA[Resource policy confused deputy issue with services]]> https://www.cloudvulndb.org/resource-policy-confused-deputy https://www.cloudvulndb.org/resource-policy-confused-deputy Wed, 28 Nov 2018 00:00:00 GMT <![CDATA[Launching EC2s did not require specifying AMI owner]]> https://www.cloudvulndb.org/cve-2018-15869 https://www.cloudvulndb.org/cve-2018-15869 Mon, 13 Aug 2018 00:00:00 GMT <![CDATA[Subdomain takeover via Azure Traffic Manager]]> https://www.cloudvulndb.org/azure-subdomain-takeover https://www.cloudvulndb.org/azure-subdomain-takeover Fri, 10 Aug 2018 00:00:00 GMT <![CDATA[AWS ElasticSearch Index Name Leakage]]> https://www.cloudvulndb.org/aws-es-index-name-leak https://www.cloudvulndb.org/aws-es-index-name-leak Tue, 15 May 2018 00:00:00 GMT <![CDATA[Bypassable and overly-privileged IAM policies]]> https://www.cloudvulndb.org/iam-policies-bypass-overprivileged https://www.cloudvulndb.org/iam-policies-bypass-overprivileged Tue, 07 Nov 2017 00:00:00 GMT <![CDATA[AWS Java SDK XXE injection]]> https://www.cloudvulndb.org/aws-java-sdk-xxe https://www.cloudvulndb.org/aws-java-sdk-xxe Tue, 10 Oct 2017 00:00:00 GMT <![CDATA[Public admin access to Azure's Red Hat Update Infrastructure]]> https://www.cloudvulndb.org/admin-azure-rh-update-infrastructure https://www.cloudvulndb.org/admin-azure-rh-update-infrastructure Sat, 26 Nov 2016 00:00:00 GMT <![CDATA[3rd party vendor confused deputy via AssumeRole]]> https://www.cloudvulndb.org/assumerole-confused-deputy https://www.cloudvulndb.org/assumerole-confused-deputy Wed, 16 Nov 2016 00:00:00 GMT <![CDATA[AWS published official AMIs with recoverable deleted files]]> https://www.cloudvulndb.org/ami-recoverable-files https://www.cloudvulndb.org/ami-recoverable-files Sat, 04 Jun 2011 00:00:00 GMT <![CDATA[Signature version 1 (SigV1) is insecure]]> https://www.cloudvulndb.org/aws-sigv1-insecure https://www.cloudvulndb.org/aws-sigv1-insecure Thu, 18 Dec 2008 00:00:00 GMT