all InfoSec news
Azure on-premises data gateway cross-tenant access
March 30, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
several Azure cloud services, and also enables a connected agent installed locally in an
on-prem network to perform certain actions remotely. NetSPI discovered a deserialization
issue in Microsoft Power Platform connectors that lead to RCE on several Azure backend
servers that processed call backs from on-premises data gateways, effectively allowing
unauthorized cross-tenant access.
access actions agent azure azure cloud azure cloud services backend call cloud cloud services connectors customer data data transfer deserialization gateway issue locally microsoft netspi network on-prem platform power rce servers services
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
6 days, 3 hours ago |
www.cloudvulndb.org
AWS Amplify IAM role publicly assumable exposure
2 weeks, 6 days ago |
www.cloudvulndb.org
AWS Glue database password leakage
3 weeks, 3 days ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
2 months, 4 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 2 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
DevSecOps Engineer
@ Material Bank | Remote
Instrumentation & Control Engineer - Cyber Security
@ ASSYSTEM | Bridgwater, United Kingdom
Security Consultant
@ Tenable | MD - Columbia - Headquarters
Management Consultant - Cybersecurity - Internship
@ Wavestone | Hong Kong, Hong Kong
TRANSCOM IGC - Cybersecurity Engineer
@ IT Partners, Inc | St. Louis, Missouri, United States
Manager, Security Operations Engineering (EMEA)
@ GitLab | Remote, EMEA