This vulnerability impacts Kubernetes setups using NGINX as the ingress controller via [ingress-nginx](https://github.com/kubernetes/ingress-nginx). At first I wanted to blame this one on block-listing when they should have used an allow-list, but it's not quite that; it is basically just a missed edge case that allows for code execution.
Orca Security presents a privilege escalation method in Azure environments. It's nothing too crazy, but at least worth taking note of. The first concept to understand is Azure Storage Account keys: when you first create a storage account, by default Azure generates a couple of 512-bit storage account access keys that can be used to access the account...
A look at how logging attacker-controlled data in Azure Pipelines can be problematic, potentially leading to code execution and access to sensitive environment variables.
At its core, we have a simple mistake that can be made pretty easily on all of the cloud platforms, though this post focuses on Azure App Services and Azure Functions. Being able to easily add authentication to your apps on either is nice, but they can easily be misconfigured...
Two CloudTrail logging vulnerabilities have been identified, involving endpoints/services that fail to log properly.
A bit of research on leaking access tokens from OAuth2/OIDC flows. In all cases you already need a cross-site scripting vulnerability to exist on the host receiving the callback. It does present an interesting case of escalating two often unimportant issues, a self-XSS and a Login CSRF, into an account takeover though.
Cool, yet simple finding from the Datadog security team where calls to an undocumented `iamadmin` service would also not appear in CloudTrail logs but could reproduce the functionality of several standard IAM service methods.
A cool bug that can inject a new user with a controlled SSH key into a compute instance; the request doing this can be reached via a GET request with no anti-CSRF token.
An IDOR-style issue allowing access to the data plane of an Azure Cognitive Search instance even if that instance was isolated from the internet.
Two parts to the post. The vulnerability is a simple SQL injection: URL data winds up in the query. Nothing too special there...