all InfoSec news
Google Cloud Shell command injection
Aug. 10, 2022, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
By manipulating the "project" parameter, an attacker could have cause an unencoded Python script execution flaw.
Exploiting this flaw, they could inject a command to display the contents of the "/etc/passwd" file,
successfully execute arbitrary commands and obtain remote shell access. However, the impact of this is unclear,
as an attacker would seemingly only be able to gain such a remote shell on their own …
access cloud command command injection display etc exploiting file flaw google google cloud inject injection parameter project python python script script shell vulnerability
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
AWS Glue database password leakage
3 weeks, 4 days ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 2 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Security Analyst
@ Northwestern Memorial Healthcare | Chicago, IL, United States
GRC Analyst
@ Richemont | Shelton, CT, US
Security Specialist
@ Peraton | Government Site, MD, United States
Information Assurance Security Specialist (IASS)
@ OBXtek Inc. | United States
Cyber Security Technology Analyst
@ Airbus | Bengaluru (Airbus)
Vice President, Cyber Operations Engineer
@ BlackRock | LO9-London - Drapers Gardens