BrokenSesame
April 19, 2023, midnight | The Open Cloud Vulnerability & Security Issue Database (www.cloudvulndb.org)
which ultimately allowed unauthorized access to other tenants' databases and the ability
to perform a supply-chain attack on both services, which in turn would have allowed remote
code execution (RCE) as well. Both services implemented multi-tenancy through a shared K8s
cluster, but contained several bugs related to tenant isolation which an attacker could
chain together to achieve the above impact. In ApsaraDB, these included privilege escalation
to root in a …