181 - Cloud Bugs and More Vulns in Galaxy App Store [Bug Bounty Podcast]

We've got a cloud focused episode this week, starting with a logging bypass in AWS CloudTrail, a SSH Key injection, and cross-tenant data access in Azure Cognitive Search.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/181.html

[00:00:00] Introduction
[00:00:25] Undocumented API allows CloudTrail bypass
[00:06:00] Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
[00:14:53] SSH key injection in Google Cloud Compute Engine [Google VRP]
[00:19:08] Chat Question: Why is Cross-Site Scripting called That
[00:22:36] Cross-tenant network …

access api app aws aws cloudtrail azure bounty bug bug bounty bugs bypass called chat cloud cloudtrail compute compute engine cross-site cve data data access engine galaxy google google cloud injection introduction key logging podcast question scripting search ssh store vrp vulnerabilities vulns