Asset Key Thief
April 19, 2023, midnight | The Open Cloud Vulnerability & Security Issue Database (www.cloudvulndb.org)
privilege escalation vulnerability that enabled
principals with the "Cloud Asset Viewer" role (or other roles
with the `cloudasset.assets.searchAllResources` permission) on the
Cloud Asset Inventory API, at the Project, Folder, or Organization level
to view and exfiltrate any user-managed Service Account
private key under a project within the same Google Cloud environment that
had been created or rotated within the previous 12 hours.
Access to Service Account private keys enables the …