EmojiDeploy
Jan. 19, 2023, midnight | The Open Cloud Vulnerability & Security Issue Database (www.cloudvulndb.org)
enabled by default. These services were all susceptible to a CSRF vulnerability due to an
overly-permissive regular expression (regex) in a filter for malformed origins. This allowed
origin bypass when using a domain name structured as 'victim.scm.azurewebsites.net._.attacker.com'
(note the use of '._.', which looks like an emoji). Thus, if a target Azure user were tricked
into visiting a specially crafted webpage served by a domain …
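The origin bypass described above, reduced to a defender's comparison (an added example, not code from the advisory or from Azure): the regex, the function names and the `expectedSite` parameter are hypothetical and only stand in for the kind of overly permissive filter the entry describes, shown next to a check that parses the origin and compares the host exactly.

```javascript
// Added example: constructed origin checks, not the actual Azure filter.
const SCM_SUFFIX = ".scm.azurewebsites.net";

// Weak (hypothetical): no end anchor, so any text may follow the trusted
// suffix, and any site name is accepted in front of it.
const WEAK_ORIGIN_RE = /^https:\/\/[a-z0-9-]+\.scm\.azurewebsites\.net/i;

function weakOriginCheck(origin) {
  return WEAK_ORIGIN_RE.test(origin);
}

// Strict: parse the origin, then compare the host exactly instead of
// pattern-matching the raw string.
function strictOriginCheck(origin, expectedSite) {
  let url;
  try {
    url = new URL(origin);
  } catch {
    return false; // malformed origin: reject, never try to repair it
  }
  // An Origin value is scheme://host[:port] only; anything else is rejected.
  if (url.origin !== origin.toLowerCase()) return false;
  if (url.protocol !== "https:" || url.port !== "") return false;
  return url.hostname === expectedSite.toLowerCase() + SCM_SUFFIX;
}

// Constructed sample origins; the second is the structure quoted in the entry.
const SAMPLE_ORIGINS = [
  "https://victim.scm.azurewebsites.net",
  "https://victim.scm.azurewebsites.net._.attacker.com",
  "https://other.scm.azurewebsites.net",
  "http://victim.scm.azurewebsites.net",
  "null",
];

// Run both checks over the samples for the site named `site`.
function compare(site) {
  return SAMPLE_ORIGINS.map((origin) => ({
    origin,
    weak: weakOriginCheck(origin),
    strict: strictOriginCheck(origin, site),
  }));
}

console.table(compare("victim"));
```

The same comparison can be run over logged `Origin` header values to find requests that a prefix-style filter accepted but an exact host match would have rejected.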