all InfoSec news
Azure on-premises data gateway cross-tenant access
March 30, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
several Azure cloud services, and also enables a connected agent installed locally in an
on-prem network to perform certain actions remotely. NetSPI discovered a deserialization
issue in Microsoft Power Platform connectors that lead to RCE on several Azure backend
servers that processed call backs from on-premises data gateways, effectively allowing
unauthorized cross-tenant access.
access actions agent azure azure cloud azure cloud services backend call cloud cloud services connectors customer data data transfer deserialization gateway issue locally microsoft netspi network on-prem platform power rce servers services
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
AWS Amplify IAM role publicly assumable exposure
1 month, 2 weeks ago |
www.cloudvulndb.org
AWS Glue database password leakage
1 month, 3 weeks ago |
www.cloudvulndb.org
Synapse Analytics privilege escalation via intelligent caching
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
3 months, 2 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
3 months, 3 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Corporate Intern - Information Security (Year Round)
@ Associated Bank | US WI Remote
Senior Offensive Security Engineer
@ CoStar Group | US-DC Washington, DC