A cool bug that can inject a new user with a controlled SSH key into a compute instance, and the request that does this can be reached via a GET request with no anti-CSRF token.
An IDOR-style issue allowing access to the data plane of an Azure Cognitive Search instance even if that instance was isolated from the internet.
Two parts to the post. The vulnerability is a simple SQL injection: URL data winds up in the query. Nothing too special there...
An email normalization issue allowing for remote control of a vehicle.
This blog post essentially uses a previous sandbox escape they discovered against Backstage, which is Spotify's incubated solution for managing infrastructure and microservices and such. Backstage includes software templates, which can contain a `message` parameter that gets rendered in Nunjucks (a JS templating engine)...
Bypassing an authentication check in AWS AppSync by changing the case of a JSON key.
The root of the issue is that XSLTC (which turns XSLT into a Java class to be executed for better performance) does not account for the fact that the `constant_pool_count` in a Java class is only 16 bits. An attacker can create an XSLT document containing too many constants, all of which will be written to the class file, but the count will be truncated to 16 bits, leading to some of those constants being interpreted as part of the class file containing things like field and method descriptions for the class.
As the title says, some weird load balancer issues, the core problem being that user-specific data would be cached and returned to other users.
A cool look at finding a vulnerability on a statically generated website, due to the presence of an image optimizer running as a serverless function. The Netlify IPX would normally validate image URLs before fetching them to ensure the host is whitelisted (none by default); however, this whitelist is skipped when it believes the URL is a local URL, meaning it does not start with `http`...
When performing a BulkImport, it is possible to provide a URL to `httpUrlToRepo` that will resolve to a repository on the local filesystem.