all InfoSec news
Asset Key Thief
April 19, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
privilege escalation vulnerability that enabled
principals with the "Cloud Asset Viewer" role (or other roles
with the `cloudasset.assets.searchAllResources` permission) on the
Cloud Asset Inventory API, at the Project, Folder, or Organization level
to view and exfiltrate any user-managed Service Account
private key under a project within the same Google Cloud environment that
had been created or rotated up to a maximum of 12 hours ago.
Access to Service Account private keys enable the …
access account api asset asset inventory assets attackers cloud enable environment escalation folder google google cloud identity inventory key keys managed organization permission private private key private keys privilege privilege escalation privileges project role roles service thief under viewer vulnerability
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
5 days, 2 hours ago |
www.cloudvulndb.org
AWS Amplify IAM role publicly assumable exposure
2 weeks, 5 days ago |
www.cloudvulndb.org
AWS Glue database password leakage
3 weeks, 2 days ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
2 months, 4 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 2 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Senior Security Engineer - Detection and Response
@ Fastly, Inc. | US (Remote)
Application Security Engineer
@ Solidigm | Zapopan, Mexico
Defensive Cyber Operations Engineer-Mid
@ ISYS Technologies | Aurora, CO, United States
Manager, Information Security GRC
@ OneTrust | Atlanta, Georgia
Senior Information Security Analyst | IAM
@ EBANX | Curitiba or São Paulo
Senior Information Security Engineer, Cloud Vulnerability Research
@ Google | New York City, USA; New York, USA