ApatchMe
Nov. 2, 2023, midnight
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
page in the Google Composer UI were not patched against CVE-2023-29247 (Stored XSS).
This meant that, post-authentication, a threat actor could have exploited the flaw
to store a JavaScript payload in the victim's managed Apache Airflow instance
and run JavaScript on behalf of the victim (who could be an admin or another
user with higher permissions than the threat actor, thereby leading to privilege escalation).
With JavaScript, threat actors …