all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Synlapse

Add to bookmarks
May 9, 2022, midnight |

The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org

Azure Synapse Analytics and Azure Data Factory were vulnerable to cross-tenant access and code execution.
This was made possible via a combination of (1) a shell injection RCE vulnerability in the integration runtime,
(2) credentials for multiple customers stored on a shared host and (3) an insecure management server API.

synlapse

Visit resource

More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database

Internal Azure Container Registry writable via exposed secret 5 days, 7 hours ago | www.cloudvulndb.org
access apollo azure azure container registry +19
Lethal Injection 2 weeks ago | www.cloudvulndb.org
access amp attackers auth +24
GraphNinja 3 weeks, 1 day ago | www.cloudvulndb.org
attackers attacks authentication credentials +14
AWS Amplify IAM role publicly assumable exposure 1 month ago | www.cloudvulndb.org
account amplify aws cli +12
AWS Glue database password leakage 1 month, 1 week ago | www.cloudvulndb.org
access aws aws glue can +11
FlowFixation 2 months ago | www.cloudvulndb.org
airflow amazon apache attack +25
Synapse Analytics privilege escalation via intelligent caching 2 months, 2 weeks ago | www.cloudvulndb.org
analytics caching context environment +16
Azure Site Recovery privilege escalation 3 months, 1 week ago | www.cloudvulndb.org
access access token account asr +19
Azure HDInsight privilege escalation and DoS vulnerabilities 3 months, 2 weeks ago | www.cloudvulndb.org
apache attacker azure dos +9

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada
View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA
View on infosec-jobs.com

Associate Product Security Engineer

@ Humana | USA - Berkeley, MO
View on infosec-jobs.com

Cyberspace Capability Developer

@ SNC-Lavalin | MA105: BBN Headquarters 10 Moulton Street , Cambridge, MA, 02138 USA
View on infosec-jobs.com