Awesome
Goal:
List of all the publicly disclosed vulnerabilities of public cloud providers like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud, etc.
NOTE: This list does not cover data breaches caused by misconfiguration.
Contribute
Do you want to contribute to this list? Feel free to send a PR.
Cloud Service Provider Vulnerabilities
Amazon Web Services (AWS)
- AWS: Execution in CloudFormation service account - Published: 26 August 2020 - Status: RESOLVED
- AWS IAM Cross Account - Published: 4 August 2021 - Status: RESOLVED
- AWS SageMaker Notebook - Published: 7 December 2021 - Status: RESOLVED
- Breaking Formation: AWS CloudFormation - Published: 13 January 2022 - Status: RESOLVED
- SuperGlue: AWS Glue - Published: 13 January 2022 - Status: RESOLVED
- AWS EKS Authentication Vulnerability - Published: 11 July 2022 - Status: RESOLVED (requires user intervention in certain scenarios to fix)
- AWS S3 Replication Service - only logs first destination bucket - Published: 20 July 2022 - Status: NO FIX PROVIDED
- AWS CodeArtifact - Dependency Confusion - Published: 28 July 2022 - Status: RESOLVED
- AWS CloudTrail - iamadmin CloudTrail Bypass - Published: 17 January 2023 - Status: RESOLVED
- AWS App Runner Cross Tenant - Published: 3 April 2023 - Status: RESOLVED
Microsoft Azure
- ChaosDB: Azure Cosmos DB - Published: 7 August 2021 - Status: RESOLVED
- Azure: Azurescape - Published: 9 September 2021 - Status: RESOLVED
- OMIGOD: Microsoft Open Management Infrastructure (OMI) - Published: 14 September 2021 - Status: RESOLVED
- NotLegit: Azure App Service - Published: 21 December 2021 - Status: RESOLVED
- ExtraReplica: Azure PostgreSQL - Published: 28 April 2022 - Status: RESOLVED
- AutoWarp: Azure Automation - Published: 7 March 2021 - Status: RESOLVED
- Synapse: Azure Synapse Analytics - Published: 9 May 2021 - Status: PARTIAL (requires user caution)
- FabricScape: Microsoft Service Fabric - commonly used with many Azure offerings - Published: 14 June 2022 - Status: RESOLVED (requires user intervention in certain scenarios to fix)
- Azure WAF - Pattern bypass with OWASP 3.2 managed rule set - Published: 2 July 2022 - Status: RESOLVED
- Azure Site Recovery service susceptible to DLL hijacking flaw - Published: 13 July 2022 - Status: RESOLVED
- Azure Database for PostgreSQL - escape to host - Published: 12 August 2022 - Status: RESOLVED
- Azure Synapse Analytics - Published: 1 September 2022 - Status: RESOLVED
- Azure Cloud Shell Command Injection Stealing User's Access Tokens - Published: 20 September 2022 - Status: RESOLVED
- Authenticated SSRF Vulnerability on Azure API Management Service - Published: 17 January 2023 - Status: RESOLVED
- Authenticated SSRF Vulnerability on Azure Machine Learning Service - Published: 17 January 2023 - Status: RESOLVED
- Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer - Published: 17 January 2023 - Status: RESOLVED
- Unauthenticated SSRF Vulnerability on Azure Functions - Published: 17 January 2023 - Status: RESOLVED
- Azure Active Directory B2C service - Crypto Misuse and Account Compromise - Published: 15 February 2023 - Status: RESOLVED
- Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer - Published: 30 March 2023 - Status: RESOLVED
Google Cloud
- Cloud SQL's PostgreSQL engine - escape to host - Published: 12 August 2022 - Status: RESOLVED
- Asset Key Thief - Google Cloud privilege escalation vulnerability that enabled principals with the "Cloud Asset Viewer" role - Published: 19 April 2023 - Status: RESOLVED
Oracle Cloud
- AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes - Published: 21 September 2022 - Status: RESOLVED
IBM Cloud
Alibaba Cloud
- BrokenSesame - Published: 19 April 2023 - Status: RESOLVED
All Cloud
- sudo vulnerability - Published: 6 August 2021 - Status: PARTIAL (requires user caution)
- Dynamic DNS - Published: 6 August 2021 - Status: PARTIAL (requires user caution)
- Log4Shell - Published: 13 December 2021 - Status: RESOLVED
- Spring4Shell - Published: 13 March 2022 - Status: RESOLVED
Useful Links
Security Bulletin
Vulnerability Disclosure
All identified vulnerabilities should be disclosed directly to the vendors or maintainers of the affected software or hardware. All major cloud providers have published disclosure addresses.
Other community links you may find helpful for cloud security
- Toni De La Fuente - My-Arsenal-of-aws-security-tools
- Wiz - Cloud Vulnerability Database (cloudvulndb)
- Orca Security - Cloud Risk Encyclopedia
- LightSpin - Attack Path for Domains
- Snyk - Open Source Vulnerability Database
- JupiterOne - Starbase - graph-based security analysis
For more cloud security resources, training, interviews and more, check out the Cloud Security Podcast: Website | YouTube | LinkedIn | Apple | Spotify | Twitter