Azure DevOps account takeover via dangling subdomain takeover
Nov. 7, 2022, midnight | The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
subdomains corresponding to subdomains at visualstudio.com. Had these been
discovered and registered by an attacker, this would have been equivalent
to a 1-click vulnerability for Azure DevOps: the attacker could have crafted
a URL referring to the sign-in API for Azure DevOps Services (app.vssps.visualstudio.com)
using one of the two subdomains in the "reply_to" field (since subdomains
of visualstudio.com would be allowed by the API). If clicked on by a target
Azure DevOps …