Nov. 2, 2023, midnight

The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org

Amazon Managed Workflows for Apache Airflow (MWAA) and the Task instance details
page in the Google Composer UI were not patched against CVE-2023-29247 (stored XSS).
As a result, an authenticated threat actor could have stored a JavaScript payload
in the victim's managed Apache Airflow instance and run JavaScript on behalf of
the victim. Because the victim could be an admin or another user with higher
permissions than the threat actor, this could lead to privilege escalation.
With JavaScript, threat actors …
