Originally published on GitHub: a compilation of resources on public cloud vulnerabilities
Goal:
A list of all publicly disclosed vulnerabilities in public cloud providers such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud, Oracle Cloud, IBM Cloud, etc.
NOTE: This list does not cover data breaches caused by misconfiguration.
Contribute
Do you want to contribute to this list? Feel free to send a PR.
Cloud Service Provider Vulnerabilities
Amazon Web Services (AWS)
- AWS: Execution in CloudFormation service account – Published: 26 August, 2020 – Status: RESOLVED
- AWS IAM Cross Account – Published: 4 August, 2021 – Status: RESOLVED
- AWS SageMaker Notebook – Published: 7 December, 2021 – Status: RESOLVED
- Breaking Formation: AWS CloudFormation – Published: 13 Jan, 2022 – Status: RESOLVED
- SuperGlue: AWS Glue – Published: 13 Jan, 2022 – Status: RESOLVED
Microsoft Azure
- ChaosDB: Azure Cosmos DB – Published: 7 August, 2021 – Status: RESOLVED
- Azure: Azurescape – Published: 9 September, 2021 – Status: RESOLVED
- OMIGOD: Microsoft Open Management Infrastructure (OMI) – Published: 14 September, 2021 – Status: RESOLVED
- NotLegit: Azure App Service – Published: 21 December, 2021 – Status: RESOLVED
- ExtraReplica: Azure PostgreSQL – Published: 28 April, 2022 – Status: RESOLVED
- AutoWrap: Azure Automation – Published: 7 March, 2021 – Status: RESOLVED
- Synapse: Azure Synapse Analytics – Published: 9 May, 2021 – Status: PARTIAL (requires User Caution)
Google Cloud
Oracle Cloud
IBM Cloud
All Cloud
- sudo vulnerability – Published: 6 August, 2021 – Status: PARTIAL (requires User Caution)
- Dynamic DNS – Published: 6 August, 2021 – Status: PARTIAL (requires User Caution)
- Log4Shell – Published: 13 December, 2021 – Status: RESOLVED
- Spring4Shell – Published: 13 March, 2022 – Status: RESOLVED
Useful Links
Security Bulletin
Vulnerability Disclosure
All identified vulnerabilities should be disclosed directly to the vendors or maintainers of the affected software or hardware systems. All major cloud providers have published disclosure addresses.
Awesome Community Links
- Toni De La Fuente – My-Arsenal-of-aws-security-tools
- Scott Piper – csp_security_mistakes