all InfoSec news
EmojiDeploy
Jan. 19, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
enabled by default. These services were all susceptible to a CSRF vulnerability due to an
overly-permissive regular expression (regex) in a filter for malformed origins. This allowed
origin bypass when using a domain name structured as 'victim.scm.azurewebsites.net._.attacker.com'
(note the use of '._.', which looks like an emoji). Thus, if a target Azure user were tricked
into visiting a specially crafted webpage served by a domain …
azure bypass control csrf default domain domain name emoji emojideploy filter malformed management name .net origin panel regex regular expression scm services target victim vulnerability web web services
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
1 month, 1 week ago |
www.cloudvulndb.org
AWS Amplify IAM role publicly assumable exposure
1 month, 3 weeks ago |
www.cloudvulndb.org
AWS Glue database password leakage
1 month, 4 weeks ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
3 months, 3 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Senior Security Researcher - Linux MacOS EDR (Cortex)
@ Palo Alto Networks | Tel Aviv-Yafo, Israel
Sr. Manager, NetSec GTM Programs
@ Palo Alto Networks | Santa Clara, CA, United States
SOC Analyst I
@ Fortress Security Risk Management | Cleveland, OH, United States