all InfoSec news
Azure Site Recovery privilege escalation
Feb. 13, 2024, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
to manage Site Recovery extensions on VMs. However, the Runbook (a set of scripts for managing extensions)
executed by the Automation Account had its job output visible to users, and this output mistakenly included
a cleartext Management-scoped Access Token for the System-Assigned Managed Identity, which possesses the
Contributor role over the entire Azure subscription. Therefore, lower-privileged user roles who could access
the Automation Account's …
access access token account asr automation azure azure site recovery escalation extensions identity job manage managed management privilege privilege escalation recovery scripts service system token visible vms
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
2 days, 21 hours ago |
www.cloudvulndb.org
AWS Amplify IAM role publicly assumable exposure
2 weeks, 2 days ago |
www.cloudvulndb.org
AWS Glue database password leakage
2 weeks, 6 days ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 2 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 1 week ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Sr. Cloud Security Engineer
@ BLOCKCHAINS | USA - Remote
Network Security (SDWAN: Velocloud) Infrastructure Lead
@ Sopra Steria | Noida, Uttar Pradesh, India
Senior Python Engineer, Cloud Security
@ Darktrace | Cambridge
Senior Security Consultant
@ Nokia | United States
Manager, Threat Operations
@ Ivanti | United States, Remote
Lead Cybersecurity Architect - Threat Modeling | AWS Cloud Security
@ JPMorgan Chase & Co. | Columbus, OH, United States