Awesome

Goal:

List of all the Publicly disclosed vulnerabilities of Public Cloud Provider like Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud etc

NOTE: This list will not cover any data breaches caused by misconfiguration

Table of contents

• Contribute
• Cloud Security Provider Vulnerabilites
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud
  • Oracle Cloud
  • IBM Cloud
  • All Cloud
• Useful Links
  • Security Bulletin
  • Vulnerability Disclosure

Contribute

Do you want to contribute to this list? Feel free to send a PR.

Cloud Service Provider Vulnerabilites

Amazon Web Services (AWS)

• AWS: Execution in CloudFormation service account - Published: 26 August,2020 - Status: RESOLVED
• AWS IAM Cross Account - Published: 4 August,2021 - Status: RESOLVED
• AWS SageMaker Notebook - Published: 7 December,2021 - Status: RESOLVED
• Breaking Formation: AWS Cloudformation - Published: 13 Jan,2022 - Status: RESOLVED
• SuperGlue: AWS Glue - Published: 13 Jan,2022 - Status: RESOLVED
• AWS EKS Authentication Vulnerabilty - Published: 11 Jul,2022 - Status: RESOLVED (requires User Intervention in certain scenarios to fix)
• AWS S3 Replication Service - Only logs first destination bucket - Published: 20 Jul,2022 - Status: NO FIX PROVIDED
• AWS CodeArtifact - Depedency Confusion - Published: 28 Jul,2022 - Status: RESOLVED
• AWS CloudTrail - iamadmin CloudTrail Bypass - Published: 17 January,2023 - Status: RESOLVED
• AWS App Runner Cross Tenant- Published:3 April,2023 - Status: RESOLVED

Microsoft Azure

• ChaosDB:Azure Cosmos DB - Published: 7 August,2021 - Status: RESOLVED
• Azure: Azurescape - Published: 9 September,2021 - Status: RESOLVED
• OMIGOD:Microsoft Open Management Infrastructure (OMI) - Published: 14 September,2021 - Status: RESOLVED
• NotLegit: Azure App Service - Published: 21 December,2021 - Status: RESOLVED
• ExtraReplica:Azure PostgreSQL - Published: 28 April,2022 - Status: RESOLVED
• AutoWrap: Azure Automation - Published: 7 March,2021 - Status: RESOLVED
• Synapse: Azure Synapse Analytics - Published: 9 May,2021 - Status: PARTIAL(requires User Caution)
• FabricSCape: Microsoft Service Fabric - commonly used with many Azure offerings - Published: 14 June,2022 - Status: RESOLVED (requires User Intervention in certain scenarios to fix)
• Azure WAF - Pattern bypass with OWASP 3.2 managed rule set - Published: 2 July,2022 - Status: RESOLVED
• Azure Site Recovery service susceptible to DLL Hijacking flaw - Published: 13 July,2022 - Status: RESOLVED
• Azure Database for PostgreSQL - escape to host - Published 12 August,2022 - STATUS: RESOLVED
• Azure Synapse Analytics - Published: 1 September,2022 - Status: RESOLVED
• Azure Cloud Shell Command Injection Stealing User’s Access Tokens - Published: 20 September,2022 - Status: RESOLVED
• Authenticated SSRF Vulnerability on Azure API Management Service - Published: 17 January,2023 - Status: RESOLVED
• Authenticated SSRF Vulnerability on Azure Machine Learning Service - Published: 17 January,2023 - Status: RESOLVED
• Unauthenticated SSRF Vulnerability on Azure Digital Twins Explorer - Published: 17 January,2023 - Status: RESOLVED
• Unauthenticated SSRF Vulnerability on Azure Functions - Published: 17 January,2023 - Status: RESOLVED
• Azure Active Directory B2C service – Crypto Misuse and Account Compromise - Published: 15 February,2023 - Status: RESOLVED
• Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer - Published: 30 March,2023 - Status: RESOLVED

Google Cloud

• Cloud SQL's PostgreSQL engine - escape to host - Published 12 August,2022 - STATUS: RESOLVED
• Asset Key Thief - Google Cloud privilege escalation vulnerability that enabled principals with the "Cloud Asset Viewer" role - Published 19 April,2023 - STATUS: RESOLVED

Oracle Cloud

• AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes - Published 21 September,2022 - STATUS: RESOLVED

IBM Cloud

Alibaba Cloud

• BrokenSesame - Published 19 April,2023 - STATUS: RESOLVED

All Cloud

• sudo vulnerability - Published 6 August,2021 - Status: PARTIAL (requires User Caution)
• Dynamic DNS - Published 6 August,2021 - Status: PARTIAL (requires User Caution)
• Log4Shell - Published 13 December,2021 - Status: Resolved
• Spring4Shell - Published 13 March,2022 - Status: Resolved

Useful Links

Security Bulletin

• Amazon Web Services (AWS) - (link)
• Microsoft - (link)
• Google Cloud - (link)

Vulnerability Disclosure

All identified vulnerabilities should be disclosed to the vendors/maintainers of affected software or hardware systems directly. All major cloud providers have published disclosure addresses

• AWS - (link)
• Azure - (link)
• Google GCP - (link)
• Oracle OCI - (link).

Other Community Links - you may find helpful for Cloud Security

• Toni De La Fuente - My-Arsenal-of-aws-security-tools
• Wiz - [Cloud Vulnerability Database] cloudvulndb
• Orca Security - Cloud Risk Encyclopedia
• LightSpin - Attack Path for Domains
• Snyk - Open Source Vulnerability Database
• JupiterOne - Starbase - a Graph-based security analysis

For more Cloud Security Resources, Training, Interviews and more check out Cloud Security Podcast Website | YouTube | Linkedin | Apple | Spotify | Twitter