BrokenSesame
April 19, 2023, midnight
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
which ultimately allowed unauthorized access to other tenants' databases and the ability
to perform a supply-chain attack on both services, which in turn would have allowed remote
code execution (RCE) as well. Both services implemented multi-tenancy through a shared K8s
cluster, but contained several bugs related to tenant isolation which an attacker could
chain together to achieve the above impact. In ApsaraDB, these included privilege escalation
to root in a …