The Open Cloud Vulnerability & Security Issue Database

Entra ID actor token validation bug allowing cross-tenant global admin

A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azu...

Dataform cross-tenant path traversal

Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customer's code repositories and data. By preparing a maliciously crafted package.json file, an at...

AWS ECS Agent Information Disclosure Vulnerability

A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same securi...

Remote Prompt Injection in GitLab Duo Leaks Source Code

A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack ...

AWS Security Tool Introduces Privilege Escalation Risk

AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers wer...

FreeRTOS and coreSNTP Security Advisories

Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have b...