FabriXss
Oct. 11, 2022, midnight | The Open Cloud Vulnerability & Security Issue Database (www.cloudvulndb.org)
An attacker with existing access to a "Deployer" type user with CreateComposeDeployment permissions
in a given cluster could create a malicious application with a specially-crafted name. This would
lead to client-side template injection (CSTI) and storing a malicious XSS payload in a dashboard
shared between users of the same cluster. If a victim user with administrative permissions logged
into the compromised SFX dashboard and clicked …