all InfoSec news
Azure Devops account takeover via dangling subdomain takeover
Nov. 7, 2022, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
subdomains corresponding to subdomains at visualstudio.com. Had these been
discovered and registered by an attacker, this would have been equivalent
to a 1-click vulnerability for Azure DevOps: the attacker could have crafted
a URL referring to the sign-in API for Azure DevOps Services (app.vssps.visualstudio.com)
using one of the two subdomains in the "reply_to" field (since subdomains
of visualstudio.com would be allowed by the API). If clicked on by a target
Azure DevOps …
account account takeover azure devops subdomain subdomain takeover takeover
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
AWS Amplify IAM role publicly assumable exposure
1 week, 3 days ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 1 week ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
2 months, 2 weeks ago |
www.cloudvulndb.org
Amazon WorkSpaces Windows client credential logging
6 months, 2 weeks ago |
www.cloudvulndb.org
Power Platform Custom Code information disclosure
8 months, 3 weeks ago |
www.cloudvulndb.org
Azure Front Door client-side desync
9 months, 4 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cyber Systems Administration
@ Peraton | Washington, DC, United States
Android Security Engineer, Public Sector
@ Google | Reston, VA, USA
Lead Electronic Security Engineer, CPP - Federal Facilities - Hybrid
@ Black & Veatch | Denver, CO, US
Profissional Sênior de Compliance & Validação em TI - Montes Claros (MG)
@ Novo Nordisk | Montes Claros, Minas Gerais, BR
Principal Engineer, Product Security Engineering
@ Google | Sunnyvale, CA, USA