Cross-Tenant Vulnerability

Title	Vulnerabilities	Programs	Authors
Lethal Injection: How We Hacked Microsoft's Healthcare Chat Bot	Chatbot Sandbox Escape Cross-Tenant Vulnerability RCE Memory Leak	Microsoft	Yanir Tsarimi (@Yanir_)
Arbitrary 1-click Azure tenant takeover via MS application	Cloud Privilege Escalation Cross-Tenant Vulnerability Phishing	Microsoft (Azure)	Arnau Ortega
Wiz Research finds architecture risks that may compromise AI-as-a-Service providers and consequently risk customer data; works with Hugging Face on mitigations	AI Malicious AI Model Cloud CI/CD RCE Insecure Deserialization Privilege Escalation Supply Chain Attack Cross-Tenant Vulnerability	Hugging Face	Shir Tamari (@Shirtamari) Sagi Tzadik (@Sagitz_)
Cross-Tenant Information Disclosure: Unraveling Microsoft Connections, Custom Connectors, and OAuth 2.0 in Power Automate	OAuth Cross-Tenant Vulnerability	Microsoft	Firas Fatnassi (@Fatnass1F1ras)
#BrokenSesame: Accidental ‘write’ permissions to private registry allowed potential RCE to Alibaba Cloud Database Services	Cloud RCE Container Escape Kubernetes Privilege Escalation Lateral Movement Supply Chain Attack Cross-Tenant Vulnerability	Alibaba	Ronen Shustin (@Ronenshh) Shir Tamari (@Shirtamari)
Two Minor Cross-Tenant Vulnerabilities in AWS App Runner	Cross-Tenant Vulnerability Cloud	AWS	Nick Frichette (@Frichette_n)
Riding the Azure Service Bus (Relay) into Power Platform	RCE Cross-Tenant Vulnerability Cloud Insecure Deserialization	Microsoft (Azure)	Nick Landers (@Monoxgas)
ACSESSED: Cross-tenant network bypass in Azure Cognitive Search	Cloud Cross-Tenant Vulnerability Privilege Escalation	Microsoft (Azure)	Emilien Socchi (@Emiliensocchi)
AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes	Cloud Cross-Tenant Vulnerability Broken Authorization	Oracle	Elad Gabay (@Eladgabay_)
The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors	Privilege Escalation Cross-Tenant Vulnerability OS Command Injection Local Privilege Escalation Cloud	Google Microsoft Aiven	Shir Tamari (@Shirtamari) Nir Ohfeld (@Nirohfeld) Sagi Tzadik (@Sagitz_)
FabricScape: Escaping Service Fabric and Taking Over the Cluster	Container Escape Local Privilege Escalation Cross-Tenant Vulnerability	Microsoft	Unit 42 (@Unit42_Intel)
SynLapse – Technical Details for Critical Azure Synapse Vulnerability	Cross-Tenant Vulnerability RCE Cloud	Microsoft	Tzah Pahima (@TzahPahima)
Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL	Cross-Tenant Vulnerability Privilege Escalation Authentication Bypass Cloud	Microsoft	Shir Tamari (@Shirtamari) Ronen Shustin (@Ronenshh) Nir Ohfeld (@Nirohfeld) Sagi Tzadik (@Sagitz_)
AutoWarp: Critical Cross-Account Vulnerability in Microsoft Azure Automation Service	Cross-Tenant Vulnerability Account Takeover	Microsoft	Yanir Tsarimi (@Yanir_)
ChaosDB Explained: Azure's Cosmos DB Vulnerability Walkthrough	Cross-Tenant Vulnerability Account Takeover Privilege Escalation	Microsoft	Nir Ohfeld (@Nirohfeld) Sagi Tzadik (@Sagitz_)
Cross-tenant Cloud Function compromise via storage bucket squatting	Cross-Tenant Vulnerability	Google	Anthony Weems

Page 1 of 1