writeups.xyz / AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

Submitter : c2a

Date: 20 September 2022

Bounty : undisclosed

Vulnerabilities :

• Cloud
• Cross-Tenant Vulnerability
• Broken Authorization

Programs :

• Oracle

Authors :

• Elad Gabay (@Eladgabay_)

Link :
https://www.wiz.io/blog/attachme-oracle-cloud-vulnerability-allows-unauthorized-cross-tenant-volume-access