writeups.xyz / Cloud

Title Vulnerabilities Programs Authors
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
UnOAuthorized: Privilege Elevation Through Microsoft Applications
Escalating Privileges in Google Cloud via Open Groups
ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions
Exploiting Broken Authentication Control In GraphQL
NO_WILDCARD: How I discovered the Organization ID of any AWS Account
Exploiting GCP Cloud Build for Privilege Escalation
Capturing Exposed AWS Keys During Dynamic Web Application Tests
SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts
Unveiling TE.0 HTTP Request Smuggling: Discovering a Critical Vulnerability in Thousands of Google Cloud Websites
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
Non-Production Endpoints as an Attack Surface in AWS
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Arbitrary 1-click Azure tenant takeover via MS application
So I Became A Node: Exploiting Bootstrap Tokens In Azure Kubernetes Service
Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover (CVE-2024-28056)
Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations
FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
OpenStack Admin Account Takeover due to Unsafe Environment Handling in MuranoPL
Conditional Love for AWS Metadata Enumeration
Sys:All: How A Simple Loophole in Google Kubernetes Engine Puts Clusters at Risk of Compromise
Entra ID Connect Arbitrary Password Overwrite
Unauthenticated Access to GCP Dataproc Can Lead to Data Leak