Azure Automation would run an internal service serving JWTs that could be accessed across tenant boundaries.
**Escaping to the Node Virtual Machine**
The basic idea here is that you could mount unintended paths due to embedding null bytes in an acceptable mount and generally improper handling of null bytes within a mount source. While Go does not provide any special handling for strings containing null bytes, `send_mountsources`, written in C, just iterates over the provided message, mounting every null-terminated substring, and passes the resultant fds to the child...
Server-Side Request Forgery (SSRF) in the AppSheet product, a "no-code" application generator acquired by Google. One feature is that a web-hook can be executed in response to supported events...
Kubernetes has a feature called "volume subpaths", which is intended to enable sharing of a volume between multiple containers in a particular pod. Critically, these subpaths are controlled by the user...
Starts off by detailing a self XSS through JupyterLabs Notebook's `/lab` endpoint, where an attacker can control the page contents. In and of itself this isn't an issue, an attacker can only control the page contents of a notebook instance they own...
An attacker with write access to the repository could bypass branch protection rules that require all pull requests to undergo a code review before being merged. The issue is just a logic issue rooted in the fact that, firstly, anyone with write access can create an unprotected branch and define GitHub Actions for it, and secondly, a GitHub Action can perform code reviews (though restrictions can be added on who the approved reviewers are)...
Three bugs relating to insecurely configured CloudKit containers, the big one being the accidental deletion of all Apple Shortcuts, but also the ability to delete records on Apple News, and modify data used on the iCrowd+ website.
This is a vulnerability within the `check-spelling` workflow specifically and not GitHub Actions. This workflow is used to, well, check the spelling on an incoming Pull Request...
**tl;dr** Cool chain to escape and impact other containers on `Azure Container Instances` hosted by Kubernetes clusters (some are hosted by Service Fabric clusters, which are not vulnerable in this way). First is the container escape itself into the containing node/VM, followed by a leaked JWT useful to run commands against all nodes in the cluster.