Vulnerabilities tagged "cloud"

[Kubernetes] Ingress nginx annotation injection causes arbitrary command execution

This vulnerability impacts kubernetes setups using NGINX as the ingress controller via [ingress-nginx]( At first I wanted to blame this one on block-listing when they should have used an allow-list, but its not quite that, but it is basically just a missed edge-case that allows for code execution.

From listKeys to Glory: Abusing Azure Storage Account Keys

Orca Security presents a privilege escalation method in Azure environments, its nothing to crazy, but atleast worth taking note of.the first concept to understand are Azure Storage Account keys, when you first create a storage account, by default Azure generates a couple 512-bit storage account access keys that can be used to access the account...