SummitRoute/csp_security_mistakes

Additional security mistakes

ramimac opened this issue · 0 comments

Security September (which includes two issues already in the repo) had five entries, one of which was unexploitable.

  1. https://onecloudplease.com/blog/security-september-racing-against-cloudwatch-synthetics-canaries
  2. https://onecloudplease.com/blog/security-september-fun-with-fncidr
  3. Ian has also disclosed: https://onecloudplease.com/blog/s3-bucket-namesquatting
  4. GKE and EKS were vulnerable to the CAP_NET_RAW issues as well
  5. A 2012 security analysis of AMIs found:

    we were also able to undelete 8,996 files from an official image that was published by Amazon AWS itself.

  6. CSV injection in CloudTrail disclosed by Rhino
  7. 2008 - AWS Sig V1 vulnerability