all InfoSec news
AWS AppSync confused deputy via ServiceRoleArn
Nov. 21, 2022, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
to assume arbitrary roles which trusted the AppSync service. This was
due to insufficient validation of a serviceRoleArn parameter, allowing
an attacker to specify roles in other accounts. With this vulnerability,
an adversary could invoke arbitrary AWS API calls with the compromised role.
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
Azure HDInsight privilege escalation and DoS vulnerabilities
1 month, 3 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
3 months, 1 week ago |
www.cloudvulndb.org
Amazon WorkSpaces Windows client credential logging
5 months, 3 weeks ago |
www.cloudvulndb.org
Power Platform Custom Code information disclosure
7 months, 3 weeks ago |
www.cloudvulndb.org
XSS in Azure Bastion and Container Registry
9 months, 2 weeks ago |
www.cloudvulndb.org
Azure App Services takeover via legacy API
9 months, 2 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
Azure Security Architect
@ First Quality | Remote US - Eastern or Central Timezone
Threat Intelligence Analyst
@ Atos | Remote Home, HOME (England & Wales), GB, Remote Hom
Alternance (F/H) Hardening, migration cloud et containerisation d'un application windows
@ Alstom | Villeurbanne, FR
Security Specialist / Analist (CIT)
@ Lely | Maassluis, Netherlands